Intelligent CIO Middle East Issue 31 | Page 22

On May 25 2018, the General Data Protection Regulation (GDPR) came into existence and it casts a very wide net indeed. Failure to comply with GDPR is likely to result in substantial fines: as much as 4% of an enterprise’s worldwide revenue. It applies to all companies with operations in the region AND to companies with a website or app that captures and processes EU citizen data. Two pain points stand out: a requirement to notify EU authorities within 72 hours of a breach, and another to prove your security approach is state-of-the-art.

While GDPR is everywhere in security and privacy news these days, much of the coverage focuses on GDPR at a high level, covering such topics as the implementation timeline, potential fines and ‘the Right to Erasure’. While important, those topics just scratch the surface of legislation that is so broad in scope, it affects a multitude of issues ranging from corporate governance to consent rights.

Due to the complexity of the legislation and the fact that not all of the details have been finalised, the readiness of companies is quite varied. Some companies have grasped the basics, others are in advanced stages of meeting their compliance obligations, while others have taken the ‘wait and see’ approach.

Over the last year, the (ISC)² EMEA Advisory Council has consulted our professional membership to measure the readiness of organisations and security departments for GDPR, and to highlight the challenges they are facing in the effort to become compliant. The council established a task force that brings people together who are actively working on implementation projects either on monthly international calls or in face-to-face workshops hosted within (ISC)² Secure Summits.

This effort reveals that many organisations have underestimated the workload required and failed to allocate accountability and resources adequately. Too many have assessed it as an IT/ICT or security department concern, when the understanding of value, along with why and how personal data is