Came across this really useful research conducted by AIIM in partnership with M-Files, and it makes fascinating and scary reading, with the main takeaways from this research as follows:
In a recent meeting, Karl Fontanari from CNA International had the opportunity of discussing the General Data Protection Regulation (GDPR), based on 10 questions, with Professor Jacqui Taylor, who is an acknowledged expert lead for the British Standards Institute (BSI).
I have had many conversations around the negative implications of GDPR, the “stick”, but what about the positive implications, the “carrot”?
Under the EU GDPR (General Data Protection Regulation) adopted on 27th April 2016 (enforceable 25th May 2018), organisations handling EU citizen data can now be expected to be fined for non-compliance, up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is the greater. They must also only maintain data if necessary, and identify all affected individuals within 48 hours in the event of a breach. The UK ICO (Information Commissioner's Office) is now also seeking to align UK legislation and penalties with the regulation, and is substantially increasing its workforce to address this.
The other day I was discussing the various aspects of the General Data Protection regulation with one of my consultants and the focus diverted to NPS.
I have heard a lot of cynical views around GDPR, especially the comment “it will never happen to me”, so I thought it might be worth reminding you who might blow the whistle on you to the ICO.
CURRENT DPO ROLE
Most security and compliance breaches are conducted from within an organisation, either intentionally or unintentionally, and this is largely due to a lack of controls, guidance and reporting being in place.
I was reading the 260-page EU legislative directive again (sad, I know!) and, at the end, thought I would share with you what was stated: