Bruce Beam, CISSP, recently joined the (ISC)² family as our director of infrastructure and security. Bruce has more than 20 years of experience leading IT/ICT and security teams for large enterprises and the U.S. Navy. He is leading all aspects of (ISC)²’s global IT/ICT and cybersecurity operations.
He not only manages the (ISC)² “DETE” (digital-end-to-end) initiative, but also oversees our General Data Protection Regulation (GDPR) preparations. Bruce has words of advice for surviving – and thriving – through GDPR:
The GDPR sweat is now in full swing with the May 25 deadline looming. I have seen a lot of gloom and doom about the penalties many companies may be paying in June.
While there is a lot to accomplish and the deadline is fast approaching, this is one area where you can turn that frown upside down! Smile and look at GDPR as a great opportunity to transform and clean house. We are all trying to complete the elusive “digital transformation” and this event is a key enabler to getting rid of legacy applications and data, which most have long forgotten.
Dust off those policies you have not updated … in forever … and take a swipe at the data retention and classification policies to align them with your future goals. Get rid of tons of data!
Revisit old technologies handling GDPR-relevant data. This is the time to move to other systems and ask the tough questions: “Do we need this data?” and the better one, “Are we even using this data?”
Save money on storage. Yes, we all have those backups for “just in case,” but this is the time to move to a smarter system, dedupe that data, put air gaps in place (more security benefit … yeah!) and match your backup to the newly-minted data retention policy you just finished. A side benefit to this is that you may be breaking down old “data silos” and getting rid of copies you didn’t know existed.
Train your team and let them know the benefits of having less data to parse, making it easier to find what you’re really looking for in your backups. I am sure your legal team will have a smile on their face when they learn legal discovery will have less data to sift through as well!
Get rid of old lead data that someone said they were going to use eventually. Start fresh with a clear direction and new opt-in marketing. Success rates will rise and, again, less chaff.
So smile big, get happy and start saving time and money with rulesets you can put on your side. You will operate more efficiently and securely. Who knows, with big enough savings, your CFO and board just might join in with a smile too … happy compliance!