My previous blog focused on addressing the General Data Protection Regulation (GDPR) and all the regulations that came with it. In my final post of this series, I want to outline the actions you can take to remain proactive with data privacy laws surrounding NYDFS 500 and GDPR.
Understanding NYDFS 500 and GDPR, their impacts on an organization, and how to go about implementing and managing a response program is critical. Companies will need to navigate the interconnected pieces of their organization, understand the history and lifecycle of their data, and work closely with regulators to ensure a successful outcome.
The first step any financial institution must take in its response to the laws is to evaluate its exposure and current capabilities in protecting sensitive business and customer data. Firms should identify the gaps in their cybersecurity program, including areas that need immediate action and longer-term changes to support the program.
Immediate actions may include any of the following:
Analyze: Document requirements of the cybersecurity program and identify critical gaps in the current program.
Plan: Prioritize and address the gaps. Plan the project and program. Define the governance structure. Outline the resources required for the project.
Implement: Technical services are required to create/update cybersecurity policies and procedures. Implement the processes and solutions to identify and protect sensitive business and customer data through encryption, data masking, identity and access management, privileged access management, network security, penetration testing and vulnerability assessments, and hardware/software upgrades.
Test: Develop and provide test plans, test cases, and test automation.
Longer-term measures may include changes to existing business processes and data silos to reduce the proliferation of customer personal data. These measures will make it easier to manage the use and distribution of this data, and reduce the risk of data breaches.
For more information on NYDFS 500 and GDPR laws and regulations affecting the financial services industry, please download our guide here.