GDPR & Options
GDPR & Options
Much has been publicized about the EU’s GDPR (General Data Protection Regulation) and its requirement for more governance and transparency around personal data privacy and security. At Options, we see this regulation beyond its European scope and have adopted a global framework and policies to protect the data of all clients on our platform, regardless of location.
The Options GDPR Readiness Program
We have engaged with both legal counsel and independent GDPR consultants to deliver our GDPR Readiness Program. As part of this program, our team has implemented many technical, physical, operational and organizational controls to ensure data privacy in line with GDPR requirements. These controls range from additional user awareness training to our adoption of leading security technologies such as Splunk, a Security Information Event Management (SIEM) tool, and secure multi factor authentication solutions, to name just a few.
Speaking of leading security technologies, we have made a significant investment on the data analytics side. In particular, we have deployed GDPR toolsets from Varonis, a leading data protection company which provides automated scanning for hundreds of types of personal information on our core platform. Not only can Options report on this data but Varonis Privileged Access Management (PAM) capabilities allow us to apply least privilege principles as well as automated searching, auditing and alerting capabilities (more on that in a future blog).
Our clients entrust us with protecting their data and our response is to ensure information security is integral to the service we provide. To ensure everything runs as it should, we have appointed a dedicated Data Protection Officer to monitor compliance with the regulations as well as to enhance GDPR awareness and act as a point of contact with relevant entities and authorities.
In conjunction with our Information Security, Vendor and Risk Management Frameworks, we believe the governance and controls we have applied place us in an excellent position to not only meet the needs of GDPR but also to deal with new and emerging threats to information privacy and security. Please reach out if you would like to learn how this readiness program supports your firm’s GDPR compliance obligations.
Stay tuned for the upcoming Varonis blog in which we will take a deeper dive into the specific GDPR features we have deployed.
John Gracey, VP Cybersecurity