Information Security Forum publishes GDPR implementation guide
The Information Security Forum has announced the launch of the ISF GDPR Implementation Guide, which presents best practices for guiding a compliance program ahead of the European Union’s General Data Protection Regulation. The GDPR Implementation Guide builds on the recently released ISF digest, ‘Preparing for the General Data Protection Regulation’, which summarizes the key requirements of the new legislation and lists the questions an organization needs to address to understand its GDPR readiness.

“The need for organizations to prioritize data protection and information security has never been greater. A well-funded, well-governed and enterprise-wide GDPR compliance program will demonstrate an organization’s commitment to data protection and security,” said Steve Durbin, managing director, ISF. “To get the most out of the GDPR Implementation Guide, an organization should consider its current data protection practices and how to improve those practices in line with GDPR requirements. Utilizing the GDPR Implementation Guide, organizations can better prepare, implement, evaluate and enhance their data protection activities.”

The guide is organized in two phases:

Phase A: PREPARE by discovering personal data, determining compliance status and defining the scope of a GDPR compliance programme.

Phase B: IMPLEMENT the GDPR requirements to demonstrate sufficient levels of compliance.

The ISF, in collaboration with ISF Members and other experts, has developed a structured method for achieving sufficient levels of compliance with the GDPR requirements. The ISF Approach focuses on key compliance actions that include the guidance required for an implementation plan, which can be embedded in a continuous improvement cycle. It is supplemented with practical actions, tips and reusable templates to accelerate compliance.
The GDPR Implementation Guide is intended primarily for data protection and privacy practitioners, IT, information risk and security professionals responsible for, or supporting, a GDPR compliance program.
An overview of GDPR
Technological change has ushered in a connected era in which information is gathered, stored and used to provide services that enhance our lives, making data an invaluable resource for modern businesses. With its ever-growing importance, and as companies continue to collect more and more of it, a new approach to data is required. Given the substantial impact and role that data has in both our personal lives and our businesses, the upcoming General Data Protection Regulation is a logical next step to ensure that our privacy and the integrity of our data are maintained in the digital age. Going into effect on 25 May 2018, the GDPR is a new set of laws and regulations designed to ensure that personal data, including your own, is kept and used in a safe and transparent manner.

We look at GDPR as a positive opportunity for growth. By providing a target to ensure that your data is correct and in order, it will be in better shape for extracting useful information and actionable insights from it, for marketing, customer improvement purposes, innovation and more. Survey respondents from the USA, UK, France and Germany in the charts below also show that more than half of large and medium-sized businesses believe that GDPR will bring with it numerous benefits, with security, trust and collaboration ranking as the most popular opportunities the new regulations offer. High levels of confidence are also shown across businesses that have their data stored on-premises, mostly in the cloud, or completely in the cloud, showing that GDPR’s opportunities span businesses at different stages of technological growth. Meeting the new regulations will also reduce the risk of data breaches and large fines, and in turn improve and maintain your business’s reputation, while ultimately increasing customer loyalty and positive perceptions. GDPR will affect different organisations all over the world in different ways.
Below is a list of resources to help you get started on your journey, ahead of the regulation going live next year.
Get GDPR compliant with the Microsoft Cloud
The GDPR requires that organizations respect and protect personal data, no matter where it is sent, processed or stored. To simplify your path to compliance, Microsoft is committing to be GDPR compliant across our cloud services when enforcement begins on May 25, 2018. GDPR is part of our holistic cloud compliance investments.

Contractual commitments: We are standing behind you through contractual commitments for our cloud services, including timely security support and notifications in accordance with the new GDPR requirements. In March 2017, our customer licensing agreements for Microsoft cloud services will include commitments to be GDPR compliant when enforcement begins.

Sharing our experience: We will share Microsoft’s GDPR compliance journey so you can adapt what we have learned to help you craft the best path forward for your organization.

While Microsoft is committed to helping you successfully comply with the GDPR, it is important to recognize that compliance is a shared responsibility. It’s important to understand your obligations related to GDPR regardless of where your organization resides. With the most comprehensive set of compliance offerings of any cloud service provider, the Microsoft Cloud is here to support your compliance initiatives. We were the first cloud provider to achieve compliance with ISO’s important 27018 cloud privacy standard. Our cloud footprint includes over 100 datacenters and more than 200 cloud services. That’s why Microsoft is committing to be GDPR compliant across our cloud services. Visit the GDPR webpage on our new Microsoft Trust Center website to learn more about how the features and functionality of Azure, Dynamics 365, Enterprise Mobility + Security, Office 365 and Windows 10 will enable you to meet the GDPR’s requirements. As the fast-approaching GDPR deadline draws closer, we look forward to working in close partnership with you on GDPR compliance.
In March, we will announce the details of our contractual commitments in accordance with GDPR rules.