General Data Protection Regulation, (EU) 2016/679 (GDPR).
Greg Fowlds, CISSP, Security+, ITIL, MCSE Greg understands the complexity of providing comprehensive security-
Watch for my upcoming training sessions, talks and seminars that will prepare you for GDPR.
To develop an understanding of what matters to your business, the (ISC)² Advisory Council has outlined 12 areas of activity to offer a guide for scoping the tasks.
Other sources used to understand the GDPR include the EU GDPR website.
Lastly, getting a good understanding of the regulation and how it affects your business is the key to becoming compliant with the data you use.
The May 25, 2018 enforcement date leaves little time to prepare, so don’t waste time in placing the right people to begin the task of becoming compliant.
GDPR seems to be the newest, most misunderstood regulation.
However being a Cyber-
1. GDPR is about “Data Privacy” for EU Citizens.
2. A Data breach will impact “Data Privacy.”
3. Good chance US major corporations do business globally.
4. Good chance US major corporations will have a data breach.
5. Good chance US major corporations hold private data on EU citizens.
6. The United States and Europe trade goods and services in the BILLIONS of Dollars or Euros.
SEE: https://ustr.gov/countries-
7. “Privacy Shield” is an agreement between the US and EU protecting Data Privacy.
SEE: https://www.privacyshield.gov/article?id=OVERVIEW
8. GDPR is a European REGULATION about data privacy for EU citizens and has provisions that address international law for data processing in third countries.
SEE: REGULATION EU 2016/679 http://www.eugdpr.org/article-
Recitals 25 and 115; Article 3(3) and Article 4(26)
9. Again, GDPR is a European Regulation, and therefore the US will interpret the provisions from a different perspective.
I am not an attorney and will not begin to approach this from a legal perspective. However, from a data privacy/cyber-
Regardless of law, regulation or agreement, all corporations have the responsibility to themselves and society to protect data privacy for all citizens.
Will there be legal battles concerning GDPR? Yes. Will there be fines enforced? Yes. Will those penalties be the max fines in the GDPR regulation? I believe no, unless corporations blatantly disregard EU data privacy.
The GDPR regulation will go into effect May 25, 2018. Don’t take the stance or believe that this European law does not affect United States companies. While we wait to see to what extent this GDPR regulation will touch US companies and how the legal remedies will look after litigation, prepare your GDPR policy and processes by obtaining a cyber-
Other Links of Interest
The rules around business to business marketing, the GDPR and PECR