This article appeared in the March 14, 2018 issue of ITBusinessEdge
With the EU’s General Data Protection Regulation (GDPR) less than three months away from enforcement, organizations are (hopefully) pulling together their GDPR strategy. However, the nuances of GDPR are something most of us are still trying to understand, and we probably won’t grasp them until the regulation is in effect and tested. In the rush to meet the compliance standards, errors will likely be made. I talked to security experts, and here are some of the more common GDPR prep mistakes.
“When it comes to GDPR compliance, the primary focus for most enterprises is on determining customer, partner, and employee-held data elements by the organization. Unfortunately, most have overlooked the significant amount of data collection activities occurring via the organization’s websites and mobile apps,” explained Chris Olson, CEO of The Media Trust. “This is a critical oversight since there are anywhere between tens to hundreds of unknown vendors not only executing code but also collecting personally identifiable information on website visitors. In fact, enterprises tend to find two to three times more vendor-contributed code on their websites than expected.”