Information Security Forum Examines the European Union's General Data Protection Regulation

Latest Briefing Paper Highlights Key Requirements of the GDPR and How New Legislation Affects Business Operations
By: Information Security Forum
 
NEW YORK - Jan. 12, 2017 - PRLog -- The Information Security Forum (ISF), a global, independent information security body considered the world's leading authority on cyber security and information risk management, today announced the release of "Preparing for the General Data Protection Regulation", the organization's latest briefing paper, which outlines data protection concepts and changes introduced by the European Union's General Data Protection Regulation (GDPR).

The GDPR is the biggest shake-up of global privacy law in more than 20 years. Adopted in April of 2016, and with enforcement beginning on May 25, 2018, the GDPR represents the culmination of over five years of effort to modernize data protection. The GDPR applies to personal data relating to European Union (EU) residents regardless of where it is processed. It redefines the scope of EU data protection legislation, forcing organizations on a global scale to comply with its requirements. With potential compliance costs and fines of up to 4% of annual turnover, the GDPR may affect an organization's corporate risk profile, and it is essential for organizations to understand this impact as soon as possible.

"The GDPR is putting data protection practices at the forefront of business agendas worldwide. Its scope is unmatched by any other international law, and we estimate that more than 98% of ISF Members will be affected by its requirements because they process the personal data of EU residents, or are based in the EU," said Steve Durbin, Managing Director, ISF. "For most organizations, the next 18 months will be a critical time for their data protection regimes as they determine the applicability of the GDPR and the controls and capabilities they will need to manage their compliance and risk obligations. Utilizing Preparing for the General Data Protection Regulation, organizations can better prepare, implement, evaluate and enhance their data protection activities in line with the GDPR's legal requirements."

Preparing for the General Data Protection Regulation outlines data protection concepts and the changes introduced by the GDPR. It describes the foundations of the ISF Approach, highlights some of the key requirements that an organization must take into account when preparing its compliance program, and sets out, at a high level, the initial questions that an organization should ask to determine the impact that the GDPR will have.

The ISF Approach recommends that an organization should:

· Determine the applicability of the GDPR to their personal data processing activities
· Evaluate control requirements mandated by the new legislation
· Assess organizational capabilities to deliver the outcomes required by the GDPR
· Understand the financial and operational consequences of non-compliance
· Prepare for compliance by May 25, 2018.

"In practice, organizations should have their GDPR preparations completed well before May 2018 in order to gain assurance from and provide assurance to third parties' requests," continued Durbin. "This will require resources with the expertise and time to issue and process those requests. Data protection, legal and information security teams should plan for this task so that they are not overwhelmed with requests closer to the enforcement deadline."

Ahead of the GDPR, the ISF anticipates that most organizations will need to designate a Data Protection Officer (DPO). With a likely shortage of skilled individuals, coupled with the length of typical corporate hiring cycles, businesses that have yet to designate a DPO should either begin recruitment now; recognize an internal candidate and start training them; or seek external expertise to fulfil the role requirements.

Preparing for the General Data Protection Regulation highlights the key requirements of the GDPR and will support an organization's understanding of how this new legislation affects business operations. This digest will be supplemented with an Implementation Guide that is due to be published in the second quarter of 2017. The guide will aim to provide practical guidance and better prepare organizations to interpret the legislation, prepare for compliance and implement the required controls and capabilities by May 2018. The paper is available now to ISF Member companies via the ISF website (http://www.securityforum.org/).

About the Information Security Forum

Founded in 1989, the Information Security Forum (ISF) is an independent, not-for-profit association of leading organizations from around the world. The organization is dedicated to investigating, clarifying and resolving key issues in cyber, information security and risk management and developing best practice methodologies, processes and solutions that meet the business needs of its Members.

ISF Members benefit from harnessing and sharing in-depth knowledge and practical experience drawn from within their organizations and developed through an extensive research and work program. The ISF provides a confidential forum and framework, which ensures that Members adopt leading-edge information security strategies and solutions. By working together, ISF Members avoid the major expenditure required to reach the same goals on their own. Consultancy services are available and provide ISF Members and Non-Members with the opportunity to purchase short-term, professional support activities to supplement the implementation of ISF products.

For more information on ISF membership, please visit https://www.securityforum.org/.

Contact
John Kreuzer
***@luminapr.com