GDPR for Security Professionals
Bharatarajan Subramanian CISSP, ISO LA for AI- ISMS - Privacy - BCP
At its core, GDPR is a new set of rules designed to give EU citizens more control over their personal data. It aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy.
Under the terms of GDPR, not only do organisations have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it are obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners - or face penalties for not doing so.
GDPR applies to any organisation operating within the EU, as well as any organisation outside the EU that offers goods or services to customers or businesses in the EU. That ultimately means that almost every major corporation in the world needs a GDPR compliance strategy.
A quick note on the framework for success
Phase 1: Develop
1. Identify senior stakeholders and engage each business unit affected.
2. Allocate adequate resources to support implementation.
3. Inventory and analyze the personal data held across the organization.
4. Verify procedures to ensure they cover all rights EU individuals have under GDPR.
5. Review how consent is sought, obtained and recorded to determine if changes are needed.
6. Designate a DPO when processing involves special categories of personal data, when personal data processing is large scale, and when processing those special categories of personal data is core to your business.
Phase 2: Implement
1. Identify gaps and develop a project plan to meet the data protection requirements set forth by GDPR. Two areas identified as adding particularly to the workload are data protection impact assessments (DPIA) and subject access requests (SAR). Companies need to scope out how they plan to handle these, and they too are subject to a risk assessment/maturity roadmap process.
2. Refine the solutions necessary for improving data protection and ensuring adherence to requirements and regulations.
3. Implement procedures to detect, report and investigate personal data breaches.
4. Test, deploy, and QA all controls and solutions developed to achieve compliance.
5. Develop an internal GDPR audit plan.
6. Operationalize the efforts of monitoring all data protection controls created.
Phase 3: Improve
1. Move into a state of continuous improvement.
2. Put GDPR efforts into maintenance/review/update mode.
3. Enhance controls and customer service to remain GDPR-compliant and build trust and value with customers.
Corporates looking for a senior professional with over two decades of experience, and having assignments/requirements, can get in touch with me at the following coordinates: [email protected] and/or +91.99.8795.4864.