The General Data Protection Regulation (GDPR) protects the personal data of EU citizens regardless of the geographical location of the organization or data. GDPR aims to give individuals control over their personal data and simplify the regulatory environment for international business by unifying the regulation within the EU. Businesses must report data breaches to national supervisory authorities within 72 hours, and penalties for infringement of GDPR can be up to €20,000,000 or 4% of worldwide annual turnover. GDPR raises the bar for organizations to protect against data breaches and manage their cybersecurity programs to maximum effect.
Key elements of a program to support GDPR requirements include:
Because Proficio operates a Security Operations Center (SOC) in the European Union and services enterprise clients headquartered in Europe, we have been actively involved with GDPR from its inception.
Proficio’s managed detection and response services provide a critical component of any organization’s program, protecting its data and the privacy of personal data collected in the course of business. Proficio uses a combination of threat discovery use cases, AI-based threat hunting models, and Security Analyst investigations to determine which security events should be escalated for automated or manual incident response. Proficio’s proprietary Threat Intelligence Platform (TIP) enriches log data, provides context to alert notifications, and enables us to more accurately detect threats. We use industry-leading vulnerability management scanning technology to discover assets and known vulnerabilities. Found vulnerabilities are prioritized by the type of asset and whether the vulnerability is real and exploitable. Proficio also uses a patent-pending algorithm that quantifies risk and identifies gaps in security controls, enabling continuous improvement of an organization’s security program.