EU GDPR Compliance

What changes, if any, is your organization making for compliance with European Union GDPR? Anyone have tips on taking on more automation to shore up PII protection and enforcement in the wake of these new regulations and penalties?

1 Like

@root

Although there are several ways that automation could assist your organization with GDPR (SAO), I would recommend that you involve your legal counsel and data protection officer (if one is appointed) in the process, since GDPR is focused on how and where your organization processes, stores, and protects personal data, including consent of the data subject, erasure and rectification, purpose and definition for use, proportionality of collected data, and which tools are utilized, such as privacy by design, privacy impact assessments, privacy seals, data breach notifications, etc.

Once you’ve identified the above, follow industry “best practices” to mitigate risk, and monitor your environment while ensuring that you remain compliant with the regulation (audit). Below are a few additional references that you can review to assist in mapping your controls:

ISO/IEC 27014:2013 - Governance of information security
ISO/IEC 38500:2015 - Governance of IT for the organization
ENISA - Technical Guidelines

2 Likes