GDPR & EDR: Protecting Personally Identifiable Information of EU Citizens

Reading time: 3 min
Share this Share on email Share on twitter Share on linkedin Share on facebook

In 2017, Gartner found organizations were gravely underprepared for the European Union’s General Data Protection Regulation (GDPR). More than half of companies affected will not be in full compliance when the regulation takes effect in May 2018, the group said.

Now, only two months before the regulation is enforced, studies show little has changed. Yet the pressure of complying weighs more heavily on everyone’s shoulders by the day. Fortunately, solutions are readily available to businesses big and small seeking to ensure cyber resilience on their way to GDPR compliance.


Personally identifiable information (PII) has a central role in Digital Economy versus traditional business, and the biggest players are in the former camp. To protect personal rights in the digital space, both against abuse and against ever increasing cybercrime, the EU has revised its existing data protection laws and, in just two months’ time, is implementing a unified framework by which every data processor should abide. That new framework is called the General Data Protection Regulation (GDPR).

The GDPR can be viewed as a huge public service for data subjects and, at the same time, a major pain for businesses. Analysts recommend that organizations view the GDPR as an opportunity to stay competitive.

To comply with the GDPR, though, aggregators of EU customer data will have to bring their breach-detection and breach-response skills to unprecedented levels. According to the Information Commissioner’s Office (ICO), a key requirement to comply with the regulation is setting systems and procedures in place to minimize the risk of a breach. Starting May 25, an incident response program is no longer just good to have, but a must-have for data processors and custodians.

Following industry best-practices is key, as GDPR requires evidence of accountability. If a breach occurs, an organization must at the very least be able to limit the damage, reduce the penalties and avoid harm to its image.

A company’s incident response team needs to be on alert and react with a series of mitigation steps. To do that effectively, a key ingredient is required: EDR. Endpoint Detection & Response solutions are specifically designed to assist an organization’s incident response plan.

Download our whitepaper – Endpoint Detection & Response (EDR): How to safeguard customers’ personally identifiable information under the GDPR – to learn how your incident response team can employ EDR to prevent, detect, investigate and respond to imminent cyber threats.