You’d be forgiven for thinking that GDPR (General Data Protection Regulation) is centered around just one thing: the potential to be fined up to four percent of your organization’s revenue for non-compliance. It’s an easy way to grab your attention (as I have just tried to do), but it is misleading. So how about a more measured approach to security, one that underpins your GDPR preparation and processes and that most professionals aspire to every working day?
GDPR is different from many existing security models insofar as it is a legal, rather than a technical, framework. However, chances are that you are already following a standardized security model, which means that you are probably well on your way to GDPR compliance. So, GDPR is more of an evolution than a revolution.
GDPR is not an attempt to shackle organizations, but a desire to protect the rights and freedoms of European citizens. So, common sense, as opposed to fear, should be our driver on the journey to compliance. For instance, I’d call it data protection by design, and security professionals who have mapped their information lifecycles already understand the value of this and the benefits it brings to their businesses.
Sure, there will be new definitions we have to master, and maybe a little more transparency is called for, but this in itself is not necessarily a bad thing. So let’s get beyond the hype and take a measured look at what we need to do to make May 25th, 2018, just another working day.
On October 26th, 2017 at 14:00 BST (15:00 CET), Juniper Networks is running the next in our series of complimentary security webinars. If you are interested in learning more about the facts, rather than the hype, of GDPR, please join me and Gitte Bendzulla, General Counsel EMEA for Juniper Networks, to hear our thoughts, recommendations and ideas. You can register here.