Those who do not comply with the new regulation will face fines of up to 20 million euros or 4 percent of their annual turnover, whichever is more. It is therefore no surprise that many businesses are scrambling to prepare for its 25th May 2018 enforcement date.
The GDPR leaves room for interpretation. However, the new regulation leaves no doubt that if you leave simple, static passwords in place and your systems are breached, the auditors will come for you.
The responsibility of securing against a data breach is significantly increased under GDPR, and businesses need to focus on understanding the location of sensitive information, who has access to it and what strong authentication techniques can be deployed to secure access between users and data.
Passwords are outlawed by GDPR
Organisations are required to carry out risk assessments, and if an assessment shows that using a password as authentication will not lead to problems, then it is ok.
However, in the overwhelming majority of real-life scenarios, passwords offer a low level of security, and are therefore outlawed by the GDPR.
The problem with passwords
Passwords account for 81 percent of hacker-related data breaches, according to the 2017 Verizon Data Breach Incident Report. It is abundantly clear that traditional security measures aren’t working and that passwords are a problematic way to protect ourselves and our data.
According to Verizon’s 2017 Data Breach Investigation Report, organisations are not doing enough “if a username and password is the only barrier”.
Organisations are therefore risking their compliance by sticking with passwords.
Biometrics are the answer
Smart organisations are looking to use the technology-refresh opportunity to get rid of passwords completely and move instead to solutions that deliver more convenient and secure authentication options.
Leveraging next-generation technologies, such as biometrics, allows for better identity management and data access control.
Building an access control environment and enforcing that environment will require biometric authentication to truly identify an individual. Accessing your information using something you ARE is always going to be better than something you KNOW.
Biometrics also help in the auditing and forensics process by creating traceability. The ability to reconstruct an event will become especially important under the GDPR.
Whilst the GDPR has created a lot of confusion and uncertainty, one thing is clear: start with understanding where your sensitive data exists and determine who has access to it. Then use this opportunity to tech refresh and eliminate passwords.
Move to a next-generation authentication solution that will serve you well for this and other compliance regimes.
A lagging organisation will be hit with the full fine, but don’t just aim to avoid the fines – now is the perfect opportunity to actually improve the organisation and embrace advanced security solutions for its data, employees and customers.
Leverage biometrics as a first step in strengthening data access management and control, and get a head start on GDPR compliance.