Mathieu Gorge, CEO

A constant stream of high-profile attacks by organized crime and hacktivists against both commercial and government entities has raised awareness and created a heightened sense of urgency to harmonize data protection practices. Furthermore, the EU has just passed the General Data Protection Regulation (GDPR), a new Europe-wide data protection regulation that will affect every entity that stores, processes or transmits personal data about EU data subjects, whether or not that entity is based in the EU. It imposes fines of up to 4 percent of global (not just EU) annual turnover, or €20 million, whichever is higher, and mandates data breach notification for all businesses. Independent research has also highlighted that up to 90 percent of non-production data currently sits unmasked within organizations, posing a significant security and compliance risk. “With the GDPR coming into effect, it’s becoming crucial for any organization to have an efficient, fully documented and implemented data classification and protection process in place,” says Mathieu Gorge, CEO, VigiTrust. Gorge, an established authority on IT security, risk management, information governance and compliance with more than 15 years’ experience in Europe, Australia and the U.S., notes that the GDPR requirements mean organizations should ensure they have the relevant policies and procedures, technical solutions and staff awareness programs in place not only to comply but also to avoid data security breaches. Gorge also advises that these firms must establish a framework for accountability, embrace privacy, and analyze the legal basis for each use of personal data, especially in cross-border data transfers.
With its roots as a cyber security consultancy, VigiTrust has since become a market-leading GRC software provider. It specializes in cloud-based PCI DSS (Payment Card Industry Data Security Standard) and data security compliance portals, and provides education and awareness training, online security assessments and testing based on the VigiTrust Five Pillars of Security Framework. “VigiTrust’s core strength is to keep ahead of the legal, operational, technical security and compliance challenges, and present the legal and industry-led compliance and security frameworks to clients in a comprehensive and user-friendly manner,” asserts Gorge. Paraphrasing Gorge, an international speaker and trainer on security, compliance and blockchain issues, the firm helps organizations understand the process and language around these regulations and standards through Security Discovery Workshops (SDW) and GRC solutions.
The key to good security is in demystifying it for C-level executives and Board members
Within the Security Discovery Workshop, VigiTrust develops security blueprints that help clients understand their ecosystem, data flows, applicable security mandates and security culture, and devise a plan for achieving compliance.
Through its eLearning platform, which offers over 80 security and information governance courses in multiple languages, the firm also lets business staff train at their own pace on security and compliance matters, including how to handle cardholder data securely. Gorge adds, “Over the last three years, VigiTrust has focused on building solutions that help retailers with their compliance mandates, in particular the hospitality industry, to ensure continuous compliance with PCI DSS.”
Hotels draw customer information from many sources and data subjects, ranging from room preferences, car hire and restaurant bookings to payment card and personal data and even health information. To complicate matters further, hospitality organizations often work with third-party suppliers that access specific data, creating significant IT security and compliance challenges. Drawing on its knowledge of this complex mix of data security and compliance mandates, the firm has helped the hospitality industry manage its security effectively.
The firm will continue to innovate and add new modules to its eLearning portfolio, incorporating new regulations and frameworks into its GRC tools, especially around GDPR and data breach notification. “We are also planning to continue to grow and double again in the coming 12 months and further consolidate our place as a market leader in the GRC space,” concludes Gorge.