
General Data Protection Regulation (EU) 2016/679 (GDPR).

Greg Fowlds, CISSP, Security+, ITIL, MCSE

Greg understands the complexity of providing comprehensive, security-centric solutions through GRC and systems analysis. Greg offers GDPR consulting and delivers corporate training in GDPR and cybersecurity. He uses public speaking engagements to raise awareness of GDPR data privacy and what it means to US corporations.


Watch for my upcoming training sessions, talks and seminars that will prepare you for GDPR.

To develop an understanding of what matters to your business, the (ISC)² Advisory Council has outlined 12 areas of activity as a guide for scoping the tasks.

Another source used to understand the GDPR is the EU GDPR website.

Lastly, a good understanding of the regulation and how it affects your business is the key to becoming compliant with respect to the data you use.

The May 25, 2018 enforcement date leaves little time to prepare, so don't waste time: put the right people in place to begin the task of becoming compliant.


GDPR Information for Decision Making

What you need to know
Does this affect my business?
Where do I start? (See article here: Responsible Article)
What do I need to change in my security policy?

GDPR seems to be the newest and most misunderstood regulation.

However, being a cyber-security professional, I work in facts, and here are some points.

1. GDPR is about “Data Privacy” for EU Citizens.

2. A Data breach will impact “Data Privacy.”

3. There is a good chance that major US corporations do business globally.

4. There is a good chance that major US corporations will have a data breach.

5. There is a good chance that major US corporations hold private data on EU citizens.

6. The United States and Europe trade goods and services worth BILLIONS of dollars or euros.

SEE: https://ustr.gov/countries-regions/europe-middle-east/europe/european-union


7. "Privacy Shield" is an agreement between the US and the EU protecting data privacy.

SEE: https://www.privacyshield.gov/article?id=OVERVIEW


8. GDPR is a European REGULATION about data privacy for EU citizens, and it has provisions that address international law for data processing in third countries.

SEE: REGULATION (EU) 2016/679, http://www.eugdpr.org/article-summaries.html

Recitals 25 and 115; Article 3(3) and Article 4(26).


9. Again, GDPR is a European regulation, and therefore the US will interpret its provisions from a different perspective.


I am not an attorney and will not begin to approach this from a legal perspective. However, from a data privacy/cyber-security perspective, US companies need to be formulating plans to observe the 99 Articles contained in the GDPR Regulation and to bring their data privacy policies and practices into compliance with the GDPR. If not for the regulation, then for the protection of the data in their possession, to mitigate their next data breach.

Regardless of law, regulation or agreement, all corporations have a responsibility to themselves and to society to protect data privacy for all citizens.

Will there be legal battles concerning GDPR? Yes. Will fines be enforced? Yes. Will those penalties be the maximum fines in the GDPR regulation? I believe not, unless corporations blatantly disregard EU data privacy.

The GDPR regulation will go into effect on May 25, 2018. Don't take the stance, or believe, that this European law does not affect United States companies. While we wait to see to what extent the GDPR regulation will touch US companies and how the legal remedies will look after litigation, prepare your GDPR policy and processes by engaging a cyber-security professional well versed in GDPR who can ready you for May 25, 2018.

Other Links of Interest

The rules around business-to-business marketing, the GDPR and PECR

ICO: Data security incident trends