GDPR is Explicit About Protecting Availability
Scheduled to take effect on 25 May 2018, the General Data Protection Regulation (GDPR) calls for unprecedented changes in the way organizations collect, process and protect the personal data of EU citizens.
With all the information and talk about GDPR, there are a couple of misconceptions that I have come across when speaking to people.
The first is that GDPR requirements are limited to organizations physically located in the EU. That is not true. GDPR explicitly applies to ‘any’ business collecting or processing EU citizen personal data, whether directly or indirectly as a third party. This essentially means GDPR is a worldwide regulation that impacts many different verticals, such as retail, healthcare, and finance, just to name a few.
The other misconception is that GDPR is only about protecting “data.” This is totally understandable, as it’s the name of the regulation! But again, not true.
GDPR is also very explicit about protecting ongoing access to that personal data: in other words, “availability” protection. For example:
GDPR Recital 49
GDPR Recital 49 defines the appropriateness of processing personal data within security solutions for the purposes of “ensuring network and information security.” It goes further: “This could, for example, include preventing unauthorised access to electronic communications networks and malicious code distribution and stopping ‘denial of service’ attacks and damage to computer and electronic communication systems.”
GDPR Article 32
Article 32 calls for “the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services” and, further, “the ability to restore the availability and access to personal data in a timely manner”.
GDPR rightly points out the need for availability protection. DDoS attacks are the biggest threat to any organization’s network and/or online business services. And this threat is getting worse. According to NETSCOUT Arbor’s 13th Annual Worldwide Infrastructure Security Report:
- Service providers reported DDoS as being both the top experienced threat and concern for the coming year.
- Enterprises rated ransomware as the top threat but ranked DDoS attacks as a close second.
- The number of attacks has increased dramatically. In 2017 NETSCOUT Arbor’s ATLAS observed 7.5 million DDoS attacks vs. 6.8 million in 2016.
- The complexity of these attacks is also increasing. 48% of enterprise survey respondents experienced multi-vector DDoS attacks. That’s up 20% from last year.
- There was also a 30% increase in the number of enterprises that experienced application-layer attacks in 2017.
NETSCOUT Arbor helps you meet the availability protection requirements of GDPR.
NETSCOUT Arbor offers the industry’s most comprehensive DDoS protection solution — a fully integrated, intelligently automated combination of in-cloud and on-premises DDoS (and advanced threat) protection products and services.
What’s more, Article 32 calls for “regularly testing, assessing and evaluating the effectiveness” of data protection measures. NETSCOUT Arbor products are automatically and regularly updated with current threat intelligence from ATLAS global visibility and our ASERT security experts.
No one in the industry offers such a comprehensive, integrated DDoS protection solution.
The Lasting Consequences Of GDPR
One last misconception. Much attention has been focused on the new levels of fines and the clearly stated right of individuals to compensation as a result of GDPR non-compliance. But it’s important to remember the security practices called for by GDPR will help organizations maintain the trust and confidence of their customers and partners moving forward. Future business success requires protecting personal data and your network and service availability – GDPR or not.
To learn more about how NETSCOUT Arbor DDoS attack protection products and services can help you meet the availability protection requirements, download our GDPR checklist.