As GDPR is officially in place as of May 2018, many organizations have already taken the steps to formalize security requirements and security implementation to effectively comply with the GDPR legislation. This includes putting security controls in place that can safeguard the rights and privacy of the data subjects (the citizens and employees) as well as helping the data controllers and processors minimize the risks of storing and handling sensitive PII (Personal Identifiable Information) data.
This effort spans across different business processes, IT domains, and applications. In order to reach the broad spectrum a requirements and technologies organizations will need to implement a strong data protection program. A vital component in this program is a dynamic access control capability. The purpose of the access control mechanism is to enforce a common, consistent and contextual sensitive access control model across PII data and sensitive transactions.
In this presentation, we will highlight both the business and technical aspects of why and how a dynamic access control mechanism can help organizations, and how policy based authorization can play a key role in a GDPR-driven Data Protection program.
Key Takeaways: