Preparing for the EU GDPR Time Bomb
How your organization can get ready for May 25, 2018
01 CISO to DPO
With the EU GDPR going into effect, the responsibilities of the CISO/Head of Security will shift. This will result in moving Risk Management, Governance, Business Enablement, and Project Delivery Lifecycle to the Data Protection Officer (DPO)/Head of Privacy and having dotted lines to Identity Management and Security Operations.
The role of the DPO will be much like a Compliance Officer, with the additional responsibilities of overseeing sensitive data handling and impacted business processes. We’ve mapped out how the responsibilities will transfer from CISO to DPO.
02 PREPARATION TIMELINE
We’ve taken Data Governance, Identity and Access Management, and Data Migration processes and aligned them with the EU GDPR to outline how long each foundational piece will take to execute.
03 REGULATORY SANCTIONS
The current maximum fine in the UK under the Data Protection Act is £500,000 ($615,000 or 575,000€). Under the EU GDPR, the maximum fine an organization can face increases by 3,600%:
Up to 20,000,000 EUR or up to 4% of the annual global revenue of the preceding financial year in the case of an enterprise, whichever is greater
If the companies below were found non-compliant under the EU GDPR they would have been assessed the following 4% fines based on their 2015 reported global revenue:
04 WHAT TO BUDGET FOR
PwC recently conducted a survey of 200 CIOs, CISOs, General Counsels, CCOs, CPOs and CMOs from US companies with more than 500 employees. 77% plan to spend $1 million or more on the EU GDPR. Below are 8 ways to outline your budget and prepare for May 25, 2018.
Data Inventory & Mapping
Privacy & State-of-the-Art Safe by Design and by Default
Solutions to Enable the Exercise of Data Subject Rights (Articles 15-22)
Train Employees to be GDPR Proficient
Incentives for Hunting Down “Rogue or Non-Obvious” Personal Data Records
Stress Testing GDPR Resilience of the Solutions Proposed
Co-ordinate and Integrate the Solutions Crowdsourced from the Business
Hire Both a GDPR Architect and a GDPR DPO
05 HOW STEALTHBITS CAN HELP
You need to know what sensitive data you have, where it is, and who has access to it. Governance should ensure that access is limited to those who really need it and actual access is checked against this list.
- 2016 Verizon Data Breach Investigations Report
STEALTHbits Technologies is a cybersecurity software company focused on protecting an organization’s credentials and data. By removing inappropriate data access, enforcing security policy, and detecting advanced threats, we reduce security risk, fulfill compliance requirements, and decrease operational expense. To learn more, visit our EU GDPR webpage.