GDPR – General Data Protection Regulation
The European Union (E.U.) Regulation 2016/679 GDPR (General Data Protection Regulation) became enforceable on May 25, 2018. Any organization which holds E.U. citizen data, regardless of the organization's location, is responsible for following these new guidelines.
The GDPR aims primarily to give control back to citizens and residents over their personal data while standardizing the regulatory environment of international business.
GDPR compliance affects any organization that collects, processes, and/or stores any E.U. citizen's information. According to GDPR:
- Personal data should not be used without consent
- Organizations are accountable for E.U. citizen data and who can access it (including third-party vendors)
- Citizens have the right to update their data or request its deletion
- Fast notification of breaches is mandatory
Fines are imposed if an organization fails to manage data privacy appropriately.
CIS has released a white paper that explains more about the GDPR regulation and will help you understand how best practices can help your organization be more compliant and secure.
Every organization that handles E.U. citizen data is responsible for implementing appropriate technical and organizational measures to ensure and be able to demonstrate that processing is performed in accordance with the regulation. CIS offers best practices and cybersecurity solutions to help organizations on the path to GDPR compliance.
A strong starting point is to utilize a CIS SecureSuite Membership, which includes access to tools such as CIS-CAT Pro and remediation kits, to assess and harden systems. “Hardening” is the process of limiting vulnerabilities in a system to reduce cyber threats.
CIS Hardened Images
CIS Hardened Images conform to the applicable security standards of the CIS Benchmarks™, bringing on-demand security to cloud computing environments.
The CIS Controls can serve both as a measurement process to encourage compliance and as a basis for implementing a security control framework within your organization. In many cases, the entire set of CIS Controls can be applied to implement a structured and measured approach to compliance and security for the organization.