Achieving GDPR Compliance: Three Expert Opinions
While many organizations see GDPR as purely a data challenge, I’m fully aware of the vital role of security on the journey to GDPR compliance. What’s more, despite the urgency lent by the fast-approaching deadline, I view GDPR as an opportunity, rather than a reason to panic.
So, I thought I’d find out how a number of GDPR experts are seizing this opportunity. What advice do they have for CISOs like me and how well prepared do they believe most organizations are?
That’s where the idea for my “Jane Meets” video series came about. In three face-to-face interviews, I talk to an influencer, a data privacy officer (DPO), and an analyst to capture their insight into GDPR and how best to maximize the opportunities.
1. Managing and mitigating risks
In the first of these conversations, I talk to Bojana Bellamy, President of the Centre for Information Policy Leadership. This influential body is a global privacy and security think tank. It works with industry leaders and regulators to develop global solutions and best practices for privacy and responsible use of data. As an influencer in the privacy domain, Bojana offers advice on the best way to prepare for GDPR and leverage the potential benefits.
With GDPR being a strategic imperative involving multi-disciplinary teams, I ask Bojana how a CISO like me can contribute to GDPR compliance, specifically in the context of digital transformation.
We also talk about the purpose and value of a Data Privacy Impact Assessment (DPIA), which is a GDPR requirement, and the role of the CISO in managing risks, for example when sharing personal data with an external partner.
View my Influencer interview to find out why Bojana believes the CISO will be a great ally to the Chief Privacy Officer, especially when it comes to data privacy assessments, and privacy and security by design.
2. Collaborating for GDPR compliance
In the second of my “Jane Meets” GDPR interviews, I am joined by Sarah Taïeb-Jaskierowicz, Data Global Protection Officer at Ipsen Group.
With GDPR compliance demanding collaboration across the organization, Sarah explains why the CISO must be involved from the very beginning of any GDPR program.
She adds that, while the GDPR requirement is “privacy by design,” if you don’t have security, you don’t have privacy. She also emphasizes the importance of data mapping to understand what data you have to protect.
View my DPO interview to hear what steps Sarah advises in the event of a data breach that falls within the scope of GDPR, and why she urges the CISO and the Data Privacy Officer to work together.
3. Is the market ready?
Ahead of GDPR coming into force in 2018, I want to make sure my team, and the wider organization, are taking into account broader market trends and developments. So, I met Enza Iannopollo, Analyst at Forrester, to get her views on what’s happening in the market.
Enza explains why data discovery and data classification are the starting point, not just for GDPR compliance, but for any data privacy or security program.
She adds that despite the many GDPR-level products and technologies on the market, these should be seen purely as part of the broader GDPR picture. Nonetheless, she points to some interesting developments in automation and machine learning that can help GDPR compliance.
View my Analyst interview to see how ready organizations say they are for GDPR—and why Enza believes that, in practice, there is still a very long way to go for most of them.