The General Data Protection Regulation is the first comprehensive overhaul and replacement of European data protection legislation in over twenty years and could be the most significant regulatory framework to hit organisations since Sarbanes-Oxley in 2002.
Its purpose is to replace the varying implementations across Europe of the earlier EU Data Protection Directive with a single harmonised EU regulation. The intended outcome is a standardised set of expectations about how an organisation must manage and protect personally identifiable information on employees, clients and other applicable data subjects.
Any organisation that holds data on EU citizens, regardless of where it is domiciled, within the EU or otherwise, is in scope. Likewise, organisations processing data within the EU on any data subject, regardless of the data subject's location, may be in scope. GDPR compliance is mandatory by 25th May 2018.
This paper explores how, with the right approach and help, organisations can use the requirements laid down by GDPR that affect information security to promote privacy, security, and business enablement.
What You Will Learn:
- What data security requirements are laid down by the GDPR
- Challenges the Regulation brings to your security approach, and how to identify appropriate security that is unique to your organisation
- What the three critical components are that enable appropriate breach notification capability and a strong security approach
- How the GDPR is an opportunity for business enablement