May 2018 is almost upon us. Are you ready for GDPR? Many companies we have spoken to are not ready. There is a "wait and see" attitude. You can wait and see if your company is among the first to be audited for GDPR. Or you can begin now and at least show that you are making certain steps to compliance.
The IBM i is often (but not always) omitted in the first round of GDPR compliance analysis. The reason for this is often the lack of resource and knowledge of what data is on the IBM i. But if you have any personal information, financial or otherwise of your customers or employees stored either in the IBM i database or on the IFS then you should be taking steps to protect that data.
There are a number of ways to protect the data, you can encrypt it (or parts of it), you can restrict access to the IBM i, its database, the IFS and of course the backups which have been made over the years. And remember, data can find its way all over your network, inside and outside the company. Each time a colleague has downloaded, for example the HR employee file, to his or her PC in the form of an excel file etc. that information also will need to be classified and protected.
There is no silver bullet!
It would be great if there was one app you could install that would solve all your GDPR headaches in one go. Unfortunately that app doesn't exist. A lot depends on your environment, the platforms you use and the data you hold. But do not despair, combine the right tools with expertise and you will come a long way.
It is a huge challenge.
We at SRC Secure Solutions can help you with these challenges, using our experience, expertise and best-of-breed software and services. So don't hesitate to contact us, discuss your concerns and let us help you to overcome them.
We hope you find the articles useful and we look forward to welcoming you to our website where you can find much more information.
What is GDPR?
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation that strengthens and unifies data protection for all individuals within the European Union (EU). It is intended to protect personal data and establishes how organizations process, store, and ultimately destroy it when the data is no longer required. The regulation becomes enforceable from May 25, 2018 and affects all organizations, companies and entities worldwide that processes personal data of individuals within the EU. Non-compliance will result in fines of up to EUR 20 million or 4% of the global annual corporate revenue, whichever is greater.
Impact on companies
Data Subject Rights
The GDPR gives individuals the right to request a copy of their personal data, to seek erasure, modification or portability of their data and (in certain cases) withdraw consent/object to certain types of processing activity. EU based organizations will expect systems and processes offered by companies to be designed to help comply with these requirements. Companies should build supporting functionality into systems.
Companies will have direct responsibility to ensure appropriate data security measures are adopted when processing data. Previously this responsibility sat exclusively with the customer (controller), but will now need to be actively managed jointly in co-operation with the customer on a mutually agreed basis.
Companies must maintain a full record of all ‘processing operations’ which they carry out on behalf of their customer involving the processing of personal data. This means keeping an up-to-date register of services being performed on each category of customer originating data.
Supply Chain Management
Customers will be required to conduct more robust risk assessments before engaging third party providers to process data. They will apply more robust contract protections and conduct regular audits. Companies should be prepared to respond positively to this evolving regime, especially during tender processes and contract negotiations to mitigate risk and create a competitive advantage.
Notification of Data Breach
Companies will be required to notify the customer (controller) ‘without undue delay’ as soon as it becomes aware of a data breach involving loss of personal data. Customers are likely to expand on this in contractual arrangements, to meet their own obligations to notify regulators within 72 hours of a breach.
Using tools and expertise from SRC Secure Solutions you can reach GDPR compliance on your IBM i in good time.
See the datasheet: Click here
Is your network connected and still 100% secure? If it were possible to make and keep a network 100% secure from outside or inside the DMZ we would hardly ever hear reports of data breaches, ransomware attacks and the like.
For more information and reservation click the link below.
For a limited period only SRC Secure Solutions is offering IBM i users a free security assessment which can be used as part of your preparations for GDPR/AVR compliance.
Contact us using this link to find out more
Want to know more about GDPR? use these links:
Gain GDPR Compliance
GDPR Datasheet iSecurity
10 Ways to prepare for GDPR
What Is GDPR?
Do you want to make an appointment with SRC Secure Solutions to discuss your IBM i security concerns? Email us at firstname.lastname@example.org.
What Does GDPR Mean to an IT Manager, CTO, or Systems Admin?
In January's issue we introduced Smartcrypt Data Discovery. I just want to mention briefly here that a part of the GDPR regulation, all personal data must be inventoried and when required must encrypted in the right manner.
Do you want to know more about Smartcrypt and Data Discovery and Classification?
Follow this link to our webpage
read our blog in InfoSecurity magazine.
SRC Secure Solutions is now able to provide Risk Assessments on these major platforms; IBM i, IBM z/OS and Open Systems. These assessments are executed with the aid of specialists and specialist software. We have already carried out number of scans which have highlighted vulnerabilities otherwise unnoticed. In this way we have helped our clients to avoid data breaches and limit any potential damage to reputation and data.
If you would like to talk to us about our Risk Assessments and Security Scans please contact us by email on email@example.com
Join other IBM i Enthusiasts at the HQ IBM Netherlands on April 12 in Amsterdam!
- 14.00 Inloop/ontvangst
- 14.30 Welkom Huibert van de Putte, Business Unit Executive IBM Server Solutions Benelux
- 14.45 Annoncering Power9, Update IBM i/AIX/Linux en Trends & Directions, Simon Porstendorfer, IBM Principal Offering Manager Scale Out - Power Systems, USA
- 15.45 Pauze
- 16.00 DB2 for i, Scott Forstie, Business Architect, IBM i developerWorks Content Manager IBM Systems, USA
- 17.00 30 jaar IBM i, ontwikkelingen nu en de komende 10 jaar, Scott Forstie
- 18.00 Borrel
Direct aanmelden! Use this link to see more
Working in partnership with the worlds best suppliers of Security and Encryption software and services SRC Secure Solutions is able to advise on and select the best solution for your organisation.
Working with security experts from several disciplines we have the knowledge and expertise to guide you through the maze of security threats and vulnerabilities which threaten your business.
Our partners include;