by ktaube on 11/9/17, 9:27 AM with 2 comments
by ptype on 11/9/17, 6:09 PM
1. Enforcing FileVault etc. on company laptops.
2. Internal storage: reviewing servers' security, limiting duplication of sensitive data, reviewing access control.
3. Checking external dependencies: where do third parties store data? E.g. Dropbox is not GDPR compliant yet[0]; they are cutting it fine.
4. Enforcing 2FA.
5. Ensuring we have an audit trail of having assessed the GDPR impact.
[0] https://www.dropbox.com/help/security/general-data-protectio...
by iends on 11/9/17, 5:57 PM
About a year ago we had a big push to be fully HIPAA compliant, so we're following a similar process. Luckily, we are hosted on Amazon and already "do the right thing" in terms of encrypting PII and storing it in the closest AWS region, so hopefully it's not too much of a huge lift.