Wednesday 20 September 2017

Preparing for GDPR compliance: Guidance & recommendations

By Thomas Fischer June 13, 2017 
Available on the portal at:
Quoting from the article:
"A shocking 52 per cent of companies believe they will not be ready for GDPR enforcement and will end up paying fines! In order to avoid this it’s important to prioritise resources, processes, and people to ensure you are not only preparing for GDPR, but are also establishing an ongoing program that will eventually evolve into routine business operations.
- Getting started: Appointing GDPR stakeholders
Gaining executive leadership and stakeholder cooperation is the first step in complying with GDPR.
- The data protection officer 
There are many questions about the role of the data protection officer (DPO). GDPR only requires the appointment of a DPO by companies in limited cases, namely when the company’s core activities consist of the following:
1) Data processing operations which require regular and systematic monitoring of data subjects on a large scale;
2) Processing on a large scale of special categories of data, i.e., sensitive data such as health, religion, race, sexual orientation, etc., and personal data relating to criminal convictions and offenses. 
Public authorities are always required to appoint a DPO under GDPR. In general, a DPO will be required if your company processes and manipulates personal data (e.g. banks, healthcare, credit companies), but if the company only has HR data they are not required to have a DPO. 
It is recommended that organisations start evaluating potential DPO candidates now so they can determine if they meet the requirements while being a valuable addition to the GDPR stakeholder team. Start by looking for candidates within your organisation, as they have the best understanding of your business.
- Technology recommendations for GDPR compliance
It’s recommended to start with a visibility assessment of what data exists within your environment and what types of personal data – particularly GDPR-regulated data – you are collecting, handling, and storing so you can have a deep understanding of your risk exposure and prioritise further compliance efforts from there
• Data Discovery and Classification 
• Access Control, Identity Management, and Privileged User Management
• Encryption and Pseudonymisation
• Auditing and Forensics 
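The discovery and pseudonymisation bullets above are the two that map directly onto code, so here is an added example (mine, not from the article or its author) that ties them together on a constructed customer export. It classifies string fields that look like personal data with simple regexes (assumed, illustrative rules; a real scanner would use a broader rule set), then replaces each such value with an HMAC-SHA256 pseudonym under a secret key held outside the dataset, which is what makes the result pseudonymised rather than merely hashed: the same input still maps to the same token, so joins and deduplication keep working, but without the key the token cannot be turned back into the identifier. The `dictionary_reverse` helper shows why an unkeyed hash is not enough: e-mail addresses and phone numbers are guessable, so a plain SHA-256 of one can be reversed by trying candidates.

```python
import hashlib
import hmac
import re

# Constructed sample records for the example (not data from the article).
SAMPLE_RECORDS = [
    {"id": 1, "email": "alice@example.com", "phone": "+44 20 7946 0958", "plan": "gold"},
    {"id": 2, "email": "bob@example.org", "phone": "+420 601 123 456", "plan": "free"},
]

# Assumed, illustrative classification rules: value patterns that indicate
# personal data. A production scanner would carry many more of these.
PATTERNS = {
    "email": re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$"),
    "phone": re.compile(r"^\+?[\d\s().-]{7,}$"),
}

# Assumed secret key; in practice this lives in a KMS/HSM, separate from the data.
PSEUDONYM_KEY = b"example-key-kept-outside-the-dataset"


def classify_record(record):
    """Return {field: category} for every string field that looks like personal data."""
    found = {}
    for field, value in record.items():
        if not isinstance(value, str):
            continue
        for category, pattern in PATTERNS.items():
            if pattern.match(value):
                found[field] = category
                break
    return found


def naive_hash(value):
    """Unkeyed SHA-256: deterministic, but reversible for guessable inputs."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def pseudonymise(value, key):
    """Keyed pseudonym (HMAC-SHA256): deterministic under the key, unguessable without it."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def pseudonymise_record(record, key):
    """Replace every classified personal-data field with its keyed pseudonym."""
    out = dict(record)
    for field in classify_record(record):
        out[field] = pseudonymise(record[field], key)
    return out


def dictionary_reverse(token, candidates, hash_fn):
    """Try to recover the original value by hashing each candidate with hash_fn."""
    for candidate in candidates:
        if hash_fn(candidate) == token:
            return candidate
    return None


if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(classify_record(rec), pseudonymise_record(rec, PSEUDONYM_KEY))
    guesses = [r["email"] for r in SAMPLE_RECORDS]
    print("unkeyed hash reversed:",
          dictionary_reverse(naive_hash("alice@example.com"), guesses, naive_hash))
    print("keyed pseudonym reversed:",
          dictionary_reverse(pseudonymise("alice@example.com", PSEUDONYM_KEY), guesses, naive_hash))
```

The classification step is the same inventory the article's "visibility assessment" asks for, just automated over a data sample; run it before choosing what to encrypt or pseudonymise, because you can only protect the fields you know about. Rotating `PSEUDONYM_KEY` breaks the link between old and new tokens, so plan key rotation with the downstream joins in mind.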
- GDPR and managed services: An alternative solution
Quoting from the article's conclusion:
"While organisations are going through their GDPR compliance program and determining the impact the new regulation will have from a people, process, and technology perspective, some may find it more cost-effective to outsource to a managed security program (MSP) that handles the process for them. With the current dearth of IT security talent, this may become a more viable option for organisations who lack the internal resources and headcount but need to be compliant with GDPR."