The GDPR and Masergy Managed Detection and Response (MDR)
The European General Data Protection Regulation (GDPR) becomes applicable on May 25, 2018. In addition to applying to entities within the European Union (EU), the GDPR has a broad territorial scope and may apply to entities outside the EU that offer goods or services to individuals in the EU or monitor their behaviour.
The GDPR introduces a personal data breach notification obligation. Under the GDPR, data controllers (i.e., entities that decide the “why” and “how” personal data is processed) are required to notify a personal data breach to i) a supervisory authority within 72 hours
after becoming aware that personal data has been compromised, and (ii) where the personal data breach is likely to result in a high risk to the rights and freedoms of individuals, they must notify affected individuals without undue delay. In addition, data processors (i.e., entities that process personal data on behalf of data controllers) are required by the GDPR to notify a personal data breach to the data controller without undue delay. These notification obligations are highly connected to an organisation’s ability to detect, address and mitigate a personal data breach in a timely manner.
Masergy’s Managed Detection and Response (MDR) service delivers continuous monitoring and security incident response to minimize the risk from advanced threats for an organisation. Combined with 24/7 analysis by security professionals, Masergy’s MDR service helps expel attackers before they can find and exfiltrate company information including personal data. Among others, but particularly relevant to the GDPR, Masergy MDR helps companies with:
- Breach detection and reporting;
- Breach forensics; and
- Data Protection by Design (taking data protection into account at an early stage).
Read the full white paper here.