RiskIQ, a digital threat management platform provider, has added an analytics feature to its Digital Footprint asset management product to help organizations comply with the European Union (EU) General Data Protection Regulation (GDPR). With this feature, organizations can expedite compliance during the initial and subsequent GDPR audit processes, RiskIQ said.
The analytics feature identifies an organization's websites and highlights specific pages that collect personally identifiable information (PII), according to a prepared statement. It automatically highlights web pages where personal data is being solicited.
In addition, the analytics feature provides inventory tags and reports to help IT and security teams track GDPR policy violations, RiskIQ indicated. It also identifies the appearance of new sites and PII collection pages, RiskIQ noted, and checks that data is being collected securely and approved data usage notices and user consent are present.
Organizations can use the analytics feature to gain insights into their PII collection points, RiskIQ said. As such, the feature can help these organizations ensure that their websites comply with GDPR and eliminate the risk of regulatory violations.
Digital Footprint provides continuous monitoring and scanning of digital assets, RiskIQ pointed out. The platform helps organizations track their digital attack surface outside of a firewall, RiskIQ stated, and ensures IT and security teams can identify both known and unknown cyber threats.
What Is GDPR?
GDPR is a data privacy regulation that takes effect across the EU in May 2018. It is designed to protect and empower EU citizens against data privacy and requires organizations to implement a variety of safeguards to protect customer information against cyber threats.
Organizations that fail to comply with GDPR will be penalized if PII is compromised or solicited and handled insecurely. In fact, an offending organization may receive fines of up to 4 percent of its annual revenue (up to €20 million, or roughly $26.5 million) if it violates GDPR security provisions.
Also, GDPR ensures that EU citizens know and consent to how their PII is being used. The requirement provides EU citizens with the ability to gain access to data stored about them, transfer it to a third-party and have it deleted.
Although organizations are allocating significant time and resources to update their data privacy measures to comply with GDPR, uncertainty and confusion persist about the regulation, which is reflected in a survey of IT professionals from 1,600 global organizations conducted by network security solutions company WatchGuard Technologies and research firm Vanson Bourne.
The WatchGuard-Vanson Bourne survey revealed 37 percent of respondents said they do not know if their organization needs to comply with GDPR. Moreover, 28 percent stated they believe their organization does not have to comply with GDPR.