In January, legal firm DLA Piper published the findings of its GDPR Data Breach Survey.
Considering that penalties and fines for non-compliance are set at a maximum of €20 million or 4% of a company’s annual global turnover, and that GDPR came into force in 2018, companies have had plenty of time to ensure they comply.
Sadly, this has not been the case.
The survey found that over 160,000 data breach notifications were reported across all 28 European Union Member states since May 2018.
Furthermore, most breaches included the processing of personal data, rather than being limited to the collection and storage of personal information.
So, how do you bring the visibility of your operational process compliance to your fingertips to manage the potential risk of GDPR in Europe and POPIA in South Africa?
Obsidian Systems has the answer.
Earlier this year, Amazon Web Services (AWS) launched in Cape Town to provide a range of cloud offerings – including compute, storage, databases, analytics, application development, and deployment services.
But as much as these services are needed, so is the ability to monitor your compliance status in real time – otherwise you face an increasing likelihood of being fined.
For example, in Europe, Google was fined €50 million by the French National Commission, H&M paid more than €35 million for accidentally allowing access to employee information, and both Marriott and British Airways also saw hefty fines of over €20 million.
What makes matters worse is that these risks can often be minimised by a few lines of code or a click of a button.
Obsidian Systems believes that even though POPIA will only kick into effect in June next year, companies must start testing the robustness of their business now.
However, running a complete audit of your business and IT operations to determine your compliance status is a huge undertaking that takes a lot of time, and it should not be underestimated.
This is where continuous compliance becomes critical.
Continuous compliance is the ability to automate the process of applying the framework required for security audits and related compliance measures. This allows you to have a real-time, visible dashboard that highlights non-compliance issues and enables swift action to correct any breaches.
So, whether your business is in the US working through CIS Benchmarks and SOX, in Europe trying to meet GDPR measures, or simply wanting to get the basics of POPIA right in South Africa – our focus is on making these security and compliance audits seamless.
Obsidian guides you through a comprehensive checklist while you manage the remediation.
TACO (Testing, Automation, Compliance, Observability) ensures best practices are enforced across multiple compliance frameworks and eliminates the risk of security and compliance misconfigurations.
Obsidian Systems, together with Autumn Leaf, is an AWS Well Architected, Advanced Consulting Partner.
This article was published in partnership with Obsidian Systems.