Over the past few months, we’ve seen organisations rush to figure out their positioning when it comes to compliance. Now, the day is finally here, so how can organisations ensure they meet the requirements of GDPR?
The problem is nobody knows what sensitive information has been pulled out of various applications and databases over the years. As a result there are a lot of unknowns about the impact of trying to control and manage data stored in files and folders. Consequently, there will now be a sudden urgency to address privacy issues around information that is currently outside of IT's purview, because it is stored in files and folders. To combat this, the first order of business has to be discovery and visibility, before putting the appropriate access controls in place.
To achieve the full visibility needed to comply with GDPR, organisations should focus on a few key identity governance priorities: locating personally identifiable information, understanding who has access to it and implementing and maintaining proper access controls for that data. Adhering to the following five-step method will not help organisations identify unstructured insights, but will also put them in a position of power to protect GDPR-regulated data stored in both structured or unstructured systems, ensuring they meet the requirements of GDPR.
Mark McClain, CEO, SailPoint