Data protection officers are in demand as European Union deadline looms

Many organizations still focus their sales and business interactions on North America, which of course means they may not be affected.

With 75% of businesses unsure whether to appoint a Data Protection Officer to comply with GDPR, it's worth pointing out that it won't be a requirement for every business.

"I got into security before anyone cared about it, and I had a hard time finding a job", said the 46-year-old, who is the data protection officer (DPO) of analytics startup Sumo Logic in Redwood City near San Francisco. Aware that numerous EU nations were setting varying data protection standards, the European Commission chose to standardize and streamline the protection of data for its citizens. This could be particularly effective for small-to-medium businesses that don't have an employee who could naturally take on the DPO role, or the budget to hire an additional person. The GDPR provides six possible bases for processing, and if a company cannot justify processing personal data based on one of these bases, then the processing will not be deemed lawful. Other provisions of the law require that companies make personal information available to customers on request, or delete it entirely in some cases, and report any data breaches within 72 hours. Enterprise scale businesses are likely to already have mature programmes in place delivering GDPR compliance. It's not enough to merely comply with the new GDPR; businesses must be able to prove they're doing so.

According to a survey conducted by Veritas, 48 per cent of the respondents indicated they do not have mitigation strategies for personal data breach events. Collibra Professional Services takes clients through a phased approach, including GDPR Readiness, Implementation (including establishing business processes and designing/enhancing GDPR scorecards and data quality dashboards), and Monitoring and Reporting to support ongoing data compliance with the GDPR.

For many businesses, the cost will be in employee time as staff in HR, compliance and IT must undertake the work of revising and creating processes. Organizations need to follow the "bit train" of data as it moves through and outside the organization. "This file can be ported to another service or maintained for backup", added the instructions on the new feature screen.

The law is meant to give European citizens more control over their online information and applies to all firms that do business with Europeans.

Rightmove will run two live Q&A sessions for agents on the subject with data protection lawyer Matthew Holman of EMW Law LLP. They need to consider what data is collected; how the data is collected, used, shared, stored, and controlled; and whether the data should be collected or stored at all. This protection can come in a number of forms including robust anti-virus products, and even threat-specific anti-virus solutions like anti-Ransomware.

During this countdown, companies can benefit from guidance on the GDPR issued both by the European Union and by Member State data protection authorities.

If the data is being transferred between the organisation or individual and a third party, each party will need to make sure they have the systems in place to protect this data from attack, and detect any breach should it occur.

Specifically with GDPR, the EU Parliament wants businesses to shift from security as an afterthought to protecting all important data by default and by design.

Before you dive right into seeing what documents you have and locking them all up, it is good to first get an understanding of what the new law is.

Vanessa Coleman
