The clock is ticking for organizations all over the globe dealing with European personal data, to begin adopting the General Data Protection Regulation (GDPR), which requires implementation by 25 May 2018. GDPR firmly establishes privacy as a fundamental right. Enterprises face several practical challenges in implementing GDPR within a short timeframe given the wide scope of the new Regulation. To the rescue with practical guidance is the latest publication from ISACA, Implementing the General Data Protection Regulation.
The publication provides a hands-on view of how organizations should approach the challenge of reaching GDPR compliance by the May deadline.The guidance defines what goes into a GDPR program – including identifying and classifying personal data, risk management, governance, internal controls and assurance, security and managing data breaches. Furthermore, the guide provides insights on how to transition an organization’s initial GDPR program to a full data protection management system (DPMS).
“GDPR not only affects European organizations, but all organizations that deal with any European data,” said Matt Loeb, CEO of ISACA. “Enterprises with a solid governance structure will have an advantage in implementing the regulation, while others might find achieving compliance to be more difficult. No matter where your organization stands in the process, ISACA offers numerous resources to guide organizations as they adjust to this high-impact regulation.”
ISACA recommends the COBIT® 5framework to maximize effectiveness and efficiency while implementing GDPR. This framework is a proven foundation for GDPR projects in commercial and not-for-profit enterprises alike.
In the following months, ISACA will provide additional resources to help its global professional community prepare for GDPR, including a series of free GDPR-focused webinars:
- 20 February 2018 – Where Do Cyber-Risks and GDPR Compliance Meet?
- 21 February 2018 – Implementing GDPR
- 27 February 2018 –GDPR – What You Don’t Know Can Hurt You
Members can earn one CPE by attending each webinar. More information and full webinar listings can be found here.
The latest book is available for members at $25/$50 for non-members and can be purchased here.
For additional guidance on privacy and GDPR, ISACA recommends:
- GDPR Data Protection Impact Assessments
- Adopting GDPR Using COBIT 5
- Implementing a Privacy Protection Program: Using COBIT 5 Enablers with the ISACA Privacy Principles :
- ISACA Privacy Principles and Program Management Guide
ISACA® is a global association helping individuals and enterprises achieve the positive potential of technology. ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organizations. ISACA leverages the expertise of its 450,000 engaged professionals in information and cybersecurity, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI® Institute, to help advance innovation through technology.