Governance, Risk Management, and Compliance blog

How to comply with the EU GDPR

[fa icon="calendar"] Wednesday, 28 September 2016 / by Jakob Holm Hansen

The EU GDPR is one of the most substantial security initiatives in many years. This is on the one hand due to the scope of the regulatory work in the EU has been comprehensive and a long time coming. On the other hand, this is also due to the consequences of the EU GDPR having important implications for both the private and public sectors in Europe.

The EU GDPR identifies many things. One common denominator and the overall conceptual framework behind the EU GDPR is that it is considered an exercise in confidence. An exercise in confidence entails the registered party ”borrowing” his sensitive data from the data controller, and then the data controller acknowledges that confidence by taking care of the data, and by always being able to explain - in a meaningful and understandable manner - the purpose to which the information is to be used. This last part has not always been standard practice in the past.

Some things are well-known in the new EU legal text. Others are completely new. In summary, it can be said that the EU GDPR contains many requirements on how businesses shall process and protect personal information, and which processes the businesses will apply. The many requirements set out in the regulation will branch out into individual organizations and call for new forms of cooperation between legal, IT, individual departments, and management.

A correct implementation first and foremost requires the correct administrative understanding and priority of the task. It involves among other things setting the requirements for your own organisation’s handling of sensitive information. It also involves setting out requirements for the organization’s suppliers and on the systems they use for data processing. For many, the task of keeping the sensitive information they handle safe is nothing new. What is new is that the EU GDPR sets a requirement that you must be able to describe how keeping data safe is intended before you go about doing it. Then, it must be possible to show ongoing compliance with your own policies, procedures, and guidelines.

For many, the task of keeping the sensitive information they handle
safe is nothing new. What is new is that the EU GDPR sets a
requirement that you must be able to describe how keeping data
safe is intended before you go about doing it. Then, it must be possible
to show ongoing compliance with your own policies, procedures, and guidelines.

Our IT security advisors team has authored
a guide that will enable you to perform a correct, verifiable, and
resource-efficient implementation of the GDPR.
 

Download the guide here

en_sep16_guide_320x453.jpg 
 

Emner: eu general data protection regulation, eu gdpr

GRC blog

The NorthGRC blog offers advice and knowledge of effective information security management, security strategies, risk management, compliance with information security standards and other requirements, business continuity planning, ISO2700x, EU Data Protection Regulation, PCI DSS, etc.

Popular Posts