Security Technology Executive

MAY-JUN 2018


It's Official: Has Arrived

As some companies scrambled to meet compliance requirements, others refined their roadmap

By Steve Durbin

With the continued focus on personal information and the privacy rights of individuals, the General Data Protection Regulation (GDPR) officially went into effect on May 25 and it will certainly have an international reach, affecting any organization that handles the personal data of European Union (EU) residents, regardless of where it is processed. The GDPR adds another layer of complexity, not to mention potential cost and associated resources, to the issue of critical information asset management that so many organizations are struggling to come to terms with.

The GDPR redefines the scope of EU data protection legislation, forcing organizations worldwide to comply with its requirements. This most certainly includes U.S.-based organizations. The GDPR aims to establish the same data protection levels for all EU residents and will have a solid focus on how organizations handle personal data.

The benefits of the GDPR will create several compliance requirements, from which few organizations will completely escape. However, organizations will benefit from the uniformity introduced by the reform and may be able to bypass having to circumnavigate the current array of often-contradictory national data protection laws. There will also be worldwide benefits as countries in other regions are dedicating more attention to the defense of mission-critical assets. At the Information Security Forum (ISF), we believe that the GDPR has the potential to serve as a healthy, scalable and exportable regime that could become an international benchmark.

While every organization should judge the risks and rewards of its own data protection investments, the GDPR offers a unique opportunity to translate necessary compliance actions into tangible business benefit.
Understanding the Consequences of Non-Compliance

Most countries have established supervisory authorities to oversee the use of personal data. These supervisory authorities are government-appointed bodies that have powers to inspect, enforce and penalize the processing of personal data. In the U.S., a number of authorities enforce data protection requirements under the sectoral approach, most notably the Federal Trade Commission (FTC), which has substantial regulatory powers.

Supervisory authorities are granted investigatory powers by the GDPR, allowing them to investigate any complaint that they receive through a variety of measures such as audits and reviews of certifications and codes of conduct. Complaints may be received not only from the data subjects themselves but also from any organization or association that chooses

SPECIAL REPORT
