The EU General Data Protection Regulation (GDPR) will go into force on May 25, 2018. Every organization — regardless of its location — doing business with EU customers will need to make changes to its oversight, technology, processes, and people to comply with the new rules. But where should you start? This report helps security and privacy professionals understand five core GDPR requirements and two related changes they need to start tackling today.
It’s Action Time for Your GDPR Plan: The text of the new EU General Data Protection Regulation is here; no more changes are on the way. Regulators will start enforcing the rules in 2018, which means security and privacy professionals must act now to meet the deadline. As you push your company’s privacy strategy forward, make sure your efforts include appropriate changes to oversight, technology, process, and people.
Five Core GDPR Rules Require Your Attention Now
A mature data privacy program is not built in a day. Start your action plan by assessing the core changes of the GDPR, then implement the required controls and fill any potential skill gaps. Specifically, there are five sets of changes in the GDPR that will demand significant effort for most companies:
- The data protection officer (DPO) will become a key security stakeholder.
- The Data Breach Notification requirement will be a game-changer.
- Privacy-by-design will be the biggest challenge to address.
- The extraterritorial reach of GDPR will make it a global mandate.
- Providing evidence of risk mitigation counts as much as securing data.
For each of these rules, the Forrester Report lists specific action points. The report also highlights that meeting GDPR requirements in a meaningful way will ultimately lead to better data privacy and security practices, which addresses growing customer expectations for privacy.
To order the Forrester Report click on this link.