The General Data Protection Regulation is the first comprehensive overhaul and replacement of European data protection legislation in over twenty years and could be the most significant regulatory framework to hit organizations since Sarbanes-Oxley in 2002.
Its purpose is to replace the varying implementations across Europe of the earlier EU Data Protection Directive with a single harmonized EU regulation. The intended outcome is a standardized set of expectations about how an organization must manage and protect personally identifiable information on employees, clients and other applicable data subjects.
Any organization that holds data on EU citizens, regardless of where it is domiciled, within the EU or otherwise, is in scope. Likewise, organizations processing data within the EU on any data subject, regardless of the data subject’s location, may be in scope. GDPR compliance is mandatory by 25th May 2018.
This paper explores how, with the right approach and help, organizations can use the requirements laid down by GDPR that affect information security to promote privacy, security, and business enablement.
What You Will Learn:
- What data security requirements are laid down by the GDPR
- Challenges the Regulation brings to your security approach, and how to identify appropriate security that is unique to your organization
- What the three critical components are that enable appropriate breach notification capability and a strong security approach
- How the GDPR is an opportunity for business enablement