LATEST INTELLIGENCE
Failure to comply with GDPR is likely to result in
substantial fines: as much as 4% of an enterprise’s
worldwide revenue.
It applies to all companies with operations in the
region AND to companies with a website or app that
captures and processes EU citizen data. Two pain points stand out: a requirement to notify EU
authorities within 72 hours of a breach, and another
to prove your security approach is state-of-the-art.
While GDPR is everywhere in security and privacy
news these days, much of the coverage focuses on
GDPR at a high level, covering such topics as the
implementation timeline, potential fines and ‘the
Right to Erasure’.
While important, those topics just scratch the
surface of legislation that is so broad in scope, it
affects a multitude of issues ranging from corporate
governance to consent rights.
Over the last year, the (ISC)² EMEA Advisory Council
has consulted our professional membership to
measure the readiness of organisations and security
departments for GDPR, and to highlight the challenges
they are facing in the effort to become compliant.
The council established a task force that brings
people together who are actively working on
implementation projects either on monthly
international calls or in face-to-face workshops
hosted within (ISC)² Secure Summits.
On May 25 2018, the General Data Protection
Regulation (GDPR) came into existence and it
casts a very wide net indeed.
Due to the complexity of the legislation and the fact
that not all of the details have been finalised, the
readiness of companies is quite varied.
Some companies have grasped the basics, others
are in advanced stages of meeting their compliance
obligations, while others have taken the ‘wait and
see’ approach.
This effort reveals that many organisations have
underestimated the workload required and failed to
allocate accountability and resources adequately.
Too many have assessed it as an IT/ICT or security
department concern, when the understanding of
value, along with why and how personal data is