Saturday, October 28, 2017

GDPR compliance is a moving target but firms need to keep up

Published October 24 2017, 6:38am EDT - by PETER MERKULOV
The full text of the article can be found on the "information-management" portal,
specifically at the address
I quote selected parts of the text:
"A primary challenge with any major regulation is that, no matter how meticulous its writers intended to be, there will always be ambiguity. Some of that is intentional and some simply unavoidable."
"GDPR was necessitated because the old regulation dictating the security and management of data, 1995’s Data Protection Directive, was obsolete. ... The Data Protection Directive could not keep up."
"Not every possible situation can be accounted for in a single regulation, nor can the future be accurately predicted. ... Whether by design or oversight, many conditions and definitions contained in GDPR will be subject to legal challenges and that process will set the precedents needed to clarify the regulations"
"In Europe, data is considered breached if "accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed" occurs."
"Depending on available resources and willingness to accept a certain amount of risk, some aspects of implementing a compliance program may have to wait until after precedent has been set and clarity is further established."
"Data security compliance is—and always will be—a moving target, and that is never as true as in the period before a regulation goes into effect."