Intelligent CISO Issue 1 - Page 37

W With a recent Veritas Study indicating that more than half of organisations are yet to start work on meeting the minimum requirements set by the General Data Protection Regulation (GDPR), the clock is well and truly ticking away. The EU’s GDPR comes into force in May so it’s vital that CISOs focus on the impending deadline and look into the future to avoid the significant fines that can be imposed. Here we speak to industry experts to ask what those companies who have some catching up to do really need to know about demonstrating their compliance to GDPR. How would companies demonstrate GDPR compliance? MIKE LLOYD, CHIEF MIKE LLOYD, CHIEF TECHNOLOGY TECHNOLOGY OFFICER, OFFICER, REDSEAL REDSEAL FEATURE of paper or yellow sticky notes, then your business processes leave online footprints. If you don’t know how your business processes data, then the best place to start is with an inventory of your network and your processes. You can’t audit what you cannot map out. Ask yourself whether you already know how your organisation processes personal data. HARRIET COHEN, HEAD OF HARRIET COHEN, HEAD COMPLIANCE AND CERTIFICATIONS, OF COMPLIANCE DIGITAL GUARDIAN. AND CERTIFICATIONS, DIGITAL GUARDIAN The first step that any company should take is to appoint a Data Protection Officer (DPO). The DPO may either be a company employee (for example, the CIO) or may be a consultant from a third party. GDPR requires you to demonstrate that your processes protect the privacy of individuals. This requires that you can’t just use a business process that works; you have to use a process that is demonstrably doing it in the way that it should. So, the right place to start is with transparency; ask yourself whether you already know how your organisation pr ͕́ͽф%ѡӊéЁ)ՔѼ԰ѡЁݥѽՔ)ȁAH)յԁeЁոͥ)ѥɕ䁉ͥɽչ͍Ʌ)ܹѕэͼ))%Ք)QЁѕ́Ѽ͍ٕȁѡ)ͽфѡЁɕͥ́ѡ)٥ɽахѥݥѠ)х͔͕ٕ̰MɕAЁȁѡ)ɕͥѽɥ́ՐѽɅQ͔)ɕͥѽɥ́ɔѼхѡ)ɕɅAHфѡ)ѽˊé٥ɽи)=ѡ䁡́ѥѡ)AHфЁ͡ձѕɵ܁)ݥɕѡٕЁTѥ镸)ɕͥЁх́ѡɕɑ)ѡ͔ѡȁфѡȁѼɕ)ѡЁѡ͔ѡф́ɽɥє)ѡЁѡф䁹Ѽɕѕ)ȁɕٕ=ٕȁѥݥѠɥ)ѥձɱݥѠեɽ)ѡɽ Ё)ѥ(