Sunday, 9 December 2018
GDPR PHASE 2 – DATA PROTECTION AND INFORMATION SECURITY ARMS RACE
I have worked with a number of organisations this year and my experience has been that May 25 presented a deadline and scramble to pull together the minimum requirements for a Data Privacy Notice.
In the period that has followed attention has turned to comparing hastily revised policies and procedures with real-life practices. As more than one wise person has said, it takes a long time for new ways of working to become habit.
There is a lot of work underway reviewing Contracts, Data Sharing Agreements and Processor Controller Agreements, in response to data protection and information security concerns.
The States of Jersey, JFSC and GFSC championing of Cyber Essentials as a minimum standard for information security and ISO27001 as a more respectable goal I anticipate that 2019 will be regarded as GDPR Phase 2 – putting theory into practice.
The Regulators of all jurisdictions have been clear that GDPR is not a once-only-event like Y2K but instead an ongoing process.
My view is that it has the makings of an arms race and to fall behind presents real difficulties being able to catch-up as each requirement piles upon the previous and makes basic assumptions about your start-point.
For many organisations this is just another step in the journey, but for some 2019 will see more challenge and more change than they were able to accommodate in 2018 and there may be consequences.
LINKS
https://www.jerseyfsc.org/the-commission/cyber-security/
https://www.gfsc.gg/news/article/cyberinformation-security-information-pack-boards
https://www.gov.je/StayingSafe/BeSafeOnline/ProtectYourBusinessOnline/pages/cyberessentials.aspx
AUTHOR
Tim HJ Rogers
https://www.linkedin.com/in/timhjrogers/
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment