This document discusses security and privacy challenges for companies in light of growing regulations like the General Data Protection Regulation (GDPR). It outlines key steps outsourcing vendors must take to ensure GDPR compliance, such as performing a gap analysis, creating a data register, evaluating existing technology, analyzing risks, and continuous testing. Choosing an ISO-certified vendor can help companies address security concerns, ensure safe data management, and facilitate business operations in compliance with standards and regulations.

1. SECURITY, GDPR,
AND IT OUTSOURCING:
HOW TO GET
IT RIGHT

2. THE WORLDWIDE SPENDING ON
INFORMATION SECURITY TO
TOP $113 BILLION BY 2020 WITH
(A CAGR OF 7.6%)
Data security continues to be a serious concern for
most companies, as the demand for advanced security
automation, threat intelligence, and security analytics
is constantly rising.
As security risks amplify, IT outsourcing companies
put a lot more emphasis on complying with industry
regulations, policies, methodologies, and technologies
used in data protection.
How do reliable outsourcing providers tackle these
security challenges?

3. WORLDWIDE IT SECURITY PRODUCTS MARKET
REVENUEFROM 2013 TO 2018
(in billion U.S. dollars)

4. Perimeter-based approaches to security
have become outdated. Security and
privacypros must take a data-centric
approach to make certain that security
travels with the data itself — not only to
protect it from cybercriminals but also
to ensure that privacy policies remain in
effect.”
— Forrester

5. Cloud data protection (CDP)
Protects from unwelcomed government surveillance
and helps remove some of the biggest impediments
to cloud adoption (security, compliance, and privacy
concerns).
Data privacy management solutions
Platforms which help operationalize privacy processes
and practices, supporting privacy by design and
meeting compliance requirements and initiating
auditable workflows.
TOP TECHNOLOGIES FOR
DATA SECURITY AND PRIVACY
Big data encryption
Helps obscure data in relational databases and in
the distributed computing architectures of big data
platforms, to protect personal privacy, reduce the
impact of cyber attacks, and achieve compliance.
Artificial Intelligence
Smart systems that detect and act on security threats,
either before or right after the information has been
compromised.

6. SECURITY CONCERNS WEIGH ON
THE MINDS OF EXECUTIVES
48% 41% 92%
of executives are very
concerned about security
are much more concerned
that 3 years ago
agreed more information
will be expected

7. WHY COOPERATE WITH
ISO-CERTIFIED VENDORS?
When choosing an outsourcing provider, consider companies that are compliant
with ISO standards and requirements.
IT vendors must have:
An effectively implemented documentation and records management system.
Established security policy.
Efficient process control.

8. Apart from ISO certification, the General Data Protection
Regulation (GDPR) will have a far-reaching impact
on global organizations as it will replace the primary law
regulating personal data protection — Data Protection
Directive 95/46/ec.
provide information security guarantees to their
customers, investors, and other stakeholders;
reduce the number of incidents and the costs
associated with unauthorized access and potential
information loss;
Cooperation with ISO-certified IT vendors
allows companies to:
ensure safe management of information resources;
raise the company’s profile and facilitate interaction
with customers;
increase the overall efficiency of doing business.

9. The General Data Protection Regulation is a directive established
by the European Union to protect individuals’ personal information.
The new GDPR is applicable to all organizations that collect or
process
the personal data of EU citizens or residents.
Under its regulations, companies are required to implement a number
of initiatives for safeguarding data, as well as technical organizational
measures to protect data and the individuals’ privacy rights.
Companies are also required to ensure systems and procedures
are able to properly test, monitor and measure data security.
Any failure may cause financial penalties up to $22 million or up to 4%
of annual revenues.
GDPR IN A NUTSHELL
May 25,
2018the regulation will go into force
and replace the EU’s 1995 Data
Protection Directive.

10. GDPR — GUIDING PRINCIPLES FOR
DATA PROTECTION

11. Raise GDPR Awareness
Any trusted outsourcing vendor
must develop a full understanding
of what GDPR entails, given the
specifics of the organization’s
business practices.
KEY STEPS OUTSOURCING VENDORS MUST MAKE
TOWARDS SUCCESSFUL GDPR COMPLIANCE
Perform a gap analysis
Auditing existing processes to
perform a gap analysis will help
companies to further define where
new procedures, technologies and
specialists are needed to fill any
gaps regarding data security, data
auditing, data privacy needs and
achieve GDPR compliance.
Create a data register
As soon as you potential business
partner has a clear vision about its
readiness to meet the regulatory
requirements, he needs to keep
a record of the process. This should
be done through creating a Data
Register.

12. Evaluateexistingtechnology
Examining organization’s technology
requirementsisvitalforunderstanding
which of the current solutions need
to be upgraded or replaced.
KEY STEPS OUTSOURCING VENDORS MUST MAKE
TOWARDS SUCCESSFUL GDPR COMPLIANCE
Analyze potential risks
Keeping a roadmap document is
essential to ensure the security
level is appropriate to the risk.
This also includes encryption and
pseudonymisation of personal
data as well as integrity and
confidentiality of data processing
systems and services.
Continuous testing
Any reliable business partner must
receive continual insights on process
improvements to ensure that best
practices are still actual and the
system data is well-protected.