The EU’s new General Data Protection Regulation or GDPR is expected to replace the Data Protection Directive. The new standards will further expand privacy protections and also encompass new obligations around personal data that are specific to citizens of the EU.
From an enterprise perspective, CISOs should understand how their companies will be affected by this new regulation before it takes effect. Even if your company already follows all of its cybersecurity protocols, the GDPR could still require significant changes that demand resources and time.
GDPR has become a top priority for many CISOs around the world because any company processing personal data originating in the EU must comply with this new law. The law has the potential to affect nearly every website and app in the world.
So, how can CISOs approach the new regulation? Here are a few key points that will help you to prepare:
#1 Assess how much personal data your company has and where exactly it is stored.
#2 Perform a Data Privacy Impact Assessment, as it can help CISOs identify the privacy risks involved and how they can be minimized.
#3 Identify all the systems that are going to be touchpoints for data within the framework of GDPR.
#4 Ensure procedures are evaluated properly and effective controls are in place to detect, report, and investigate any type of breach.
#5 Once you have presented your results and findings, get sign-off from the relevant members of the executive team.
These are just a few important points for CISOs to consider when preparing for the GDPR.
If you want to gain broader insight into GDPR compliance and how CISOs can prepare for it, click the link below for more information.