Good Enough IT Risk Management

How to comply with the EU GDPR

Wednesday, 28 September 2016 / by Lars Neupart

The new EU GDPR is one of the most substantial security initiatives in many years. On the one hand, this is because the regulatory work in the EU has been comprehensive in scope and a long time coming. On the other hand, it is because the consequences of the EU GDPR have important implications for both the private and public sectors in Europe.

The EU GDPR covers many things. One common denominator, and the overall conceptual framework behind the EU GDPR, is that it is considered an exercise in confidence. An exercise in confidence entails the data subject "lending" his or her sensitive data to the data controller; the data controller then acknowledges that confidence by taking care of the data and by always being able to explain, in a meaningful and understandable manner, the purpose for which the information is to be used. This last part has not always been standard practice in the past.

Some things in the new EU legal text are well known. Others are completely new. In summary, the EU GDPR contains many requirements on how businesses shall process and protect personal information, and on which processes the businesses will apply. The many requirements set out in the regulation will branch out into the individual organisations and call for new forms of co-operation between legal, IT, the individual departments and management.

A correct implementation first and foremost requires the correct management understanding and prioritisation of the task. Among other things, it involves setting requirements for your own organisation's handling of sensitive information. It also involves setting requirements for the organisation's suppliers and for the systems they use for data processing. For many, the task of keeping the sensitive information they handle safe is nothing new. What is new is that the EU GDPR requires you to be able to describe how you intend to keep data safe before you go about doing it. Then, it must be possible to show on-going compliance with your own policies, procedures and guidelines.

The security advisors in the Neupart consultant team have authored a guide that will enable you to perform a correct, verifiable and resource-efficient implementation of the GDPR.
Download the guide here

Read more about how the Neupart software tools Secure ISMS & GDPR can help you with efficient information security management.

Topics: eu general data protection regulation, eu gdpr
