July 17, 2018 admin

GDPR and Cyber Security: a multi-faceted approach

In April 2016, the European Parliament approved the General Data Protection Regulation (GDPR), which introduced numerous changes to the treatment of personal data, including the rights of the affected parties, criteria for compliance, methods of control and sanctions to be applied in case of violation. The new regulation entered into effect on May 25, 2016, with implementation required before May 25, 2018. Some of the new rules introduced by GDPR required companies to adopt specific technologies for processing digital information: for example, log management, extended access monitoring, database encryption, full-disk encryption, and file encryption, as well as the management of data on mobile devices and the monitoring of cyber security services in the cloud.

Also pertinent to this regulation is the fact that, according to credible reports, cyber attacks caused an estimated 30 billion euro in damage in 2016, affecting various sectors from Healthcare (+102% of attacks with respect to those of last year) and Finance (+64%) to Critical Infrastructure (+15%).

Instead of alarming us, this emerging phenomenon should motivate us to identify and invest in critical areas that can reduce the vulnerability of a company’s assets to the absolute minimum. With security products already highly sophisticated, the point of weakness seems to be the end users.

In this session, Luca Bonadimani will focus on the adequate preparation of a company’s human resources and show how investing in human awareness and company culture can increase the security of infrastructure and data. He will also discuss the main technologies underlying the introduction of GDPR to organizations.