- Reflections of a GDPR Data Protection Officer (Part I of III)
As the year 2017 is ending, I sit here in my corner office and begin reflecting on what has transpired in the world of the EU’s General Data Protection Regulation (GDPR) and on the apprehensions about what the coming year 2018 will have in store for me, my colleagues, the organisation and the business.
- 2018 GDPR Update from the EUGDPR Institute. The confessions of a DPO
Part I excerpt: As the year 2017 is ending, I sit here in my corner office and begin reflecting on what has transpired in the world of the EU’s General Data Protection Regulation (GDPR) and on the apprehensions about what the coming year 2018 will have in store for me, my colleagues, the organisation and the business.
- Reflections/confessions of a GDPR Data Protection Officer (Part III of III)
In the first two reflections, I focused on how we implemented GDPR in the first and some observations on some of the issues and problems my colleagues experienced in the second blog. However, the primary concern was in dealing with the critical GDPR issues about the role and responsibilities of the DPO, which of course vary considerably due to the culture, level of proficiency and maturity etc.
- Understanding Privacy by Design and by Default
Management commitment is crucial for deciding to apply the principles of data protection by design in the organisation’s procurements and software development. Management must also ensure that sufficient resources are provided for this task. Taking data protection into account throughout the development process is both more cost-effective and more efficient than making changes to an existing piece of software. Enterprises that do not comply with the GDPR risk significant costs, in the form of fines for breaking the law, liability to the data subjects, and loss of revenue resulting from damage to their reputations.
- Revisiting Privacy by design and default in articles 25 and 32 for the nerds
If there is no material content in GDPR Article 25, then there is no legal basis for the data controller to consider the technologies that only support data protection through design. However, that does not support some of the other goals, for example, treatment of safety. Without material content in Article 25, they may not register the protection they should expect from GDPR.
- The need to shift data privacy focus in Sales and Marketing departments to comply with GDPR
GDPR is not only a technical, logistics or HR compliance issue. Since any GDPR breach deals with reputation, it is not merely a compliance regulation but involves some stakeholders. The correct GDPR implementation provides the organisation with an opportunity to deepen digital trust and do more with personal data. This is where the smart guys turn it into an opportunity for marketers.
- The Board of directors and senior management 2018 responsibilities on cybersecurity and cybercrime
The prevalence of information security threats: some global organisations, including the UK Department of Trade and Industry and the Confederation of Danish Industries Data and Information Security Breaches Survey, have done several surveys to assess the state of cyber, data and information security across a representative sample of European organisations.
- The board and management must take a knee for the GDPR
The GDPR on personal data regulation was necessary. The old Data Protection Directive was 23 years old and did not keep up with the new requirements of social media, big data and IoT. Therefore, there are advantages for everyone through the excellent data protection because customer confidence in proper data management is a severe breach and potentially violates trust and the organisation's earnings base.
- The Corporate Values of Threat Intelligence on cyber-attacks, data, IP, and asset protection
Based on the results of the recent hacks, if the Board of directors and senior management want job security (most senior management, CISO, BoD have been fired after the cybersecurity hacking, e.g. Talk Talk, Ashley Madison, Equifax), management must take a long-term approach to the investment in threat intelligence.