
Four GDPR compliance myths to be aware of

Businesses preparing for the upcoming General Data Protection Regulation (GDPR) need to be aware of four myths, says NTT Security.

The four myths are:

ISO27001 is enough to cover GDPR
Implementation of controls aligned to this certification is a great start, but they are only part of the bigger picture.

The same exercise has already been done when planning for PCI DSS
Any controls implemented for PCI DSS will need to be extended to cover Personally Identifiable Information (PII), and even then they address only part of the GDPR requirements.

The organization’s GDPR programme can be handled by the legal or IT team
GDPR compliance is actually everyone’s responsibility. It should not be left to one team – legal, IT, HR and other business functions must all be involved with visible support from the executive level.

It is not the organization’s problem because they have outsourced all data processing to a third party
Processors are indeed liable for protecting PII under the GDPR but the responsibility is still on the data controller to ensure processors implement ‘technical and organizational measures’ to protect the information.

The stark truth is that businesses are still unsure of the actions needed to ensure full compliance ahead of the 25th May 2018 deadline. Some have proactively implemented programmes, yet found that gaps still exist, leaving them vulnerable to fines of up to €20 million or 4 percent of annual global turnover – whichever is higher.

www.nttsecurity.com
