GDPR Is Coming And We’re Ready

GDPR Is Coming And We’re Ready

GDPR Is Coming And We’re Ready

Less than a month from now, new European privacy laws will come into effect. Much has been publicized about the EU’s GDPR (General Data Protection Regulation) and its requirement for more governance and transparency around personal data privacy and security. At Options, we see this regulation beyond its European scope and have adopted a global framework and policies to protect the data of all clients on our platform, regardless of location. As the May 25 deadline approaches, we take a look at some of the measures already in place.

The Options GDPR Readiness Program

We have engaged with both legal counsel and independent GDPR consultants to deliver our GDPR Readiness Program. As part of this program, our team has implemented many technical, physical, operational and organizational controls to ensure data privacy in line with GDPR requirements. These controls range from additional user awareness training to our adoption of leading security technologies such as Splunk, a Security Information Event Management (SIEM) tool, and secure multi factor authentication solutions, to name just a few.

Tech ready                                                    

Speaking of leading security technologies, we have made a significant investment on the data analytics side. In particular, we have deployed GDPR toolsets from Varonis, a leading data protection company which provides automated scanning for hundreds of types of personal information on our core platform. Not only can Options report on this data but Varonis Privileged Access Management (PAM) capabilities allow us to apply least privilege principles as well as automated searching, auditing and alerting capabilities (more on that in a future blog).

Watchdog

Our clients entrust us with protecting their data and our response is to ensure information security is integral to the service we provide. To ensure everything runs as it should, we have appointed a dedicated Data Protection Officer to monitor compliance with the regulations as well as to enhance GDPR awareness and act as a point of contact with relevant entities and authorities.

In conjunction with our Information Security, Vendor and Risk Management Frameworks, we believe the governance and controls we have applied place us in an excellent position to not only meet the needs of GDPR but also to deal with new and emerging threats to information privacy and security. Please reach out if you would like to learn how this readiness program supports your firm’s GDPR compliance obligations.

Stay tuned for the upcoming Varonis blog in which we will take a deeper dive into the specific GDPR features we have deployed.

John Gracey, VP Cybersecurity

Leave a Reply

Your email address will not be published. Required fields are marked *