Preparing for the EU GDPR Time Bomb

01 CISO TO DPO RESPONSIBILITY TRANSFER

With the EU GDPR going into effect, the responsibilities of the CISO/Head of Security will shift. This will result in moving Risk Management, Governance, Business Enablement, and Project Delivery Lifecycle to the Data Protection Officer (DPO)/Head of Privacy and having dotted lines to Identity Management and Security Operations.

The role of the DPO will be much like a Compliance Officer, with the additional responsibilities of overseeing sensitive data handling and impacted business processes. We’ve mapped out how the responsibilities will transfer from CISO to DPO.

02 PREPARATION TIMELINE

We’ve taken Data Governance, Identity and Access Management, and Data Migration processes and aligned them with the EU GDPR to outline how long each foundational piece will take to execute.

[Figure: EU GDPR preparation timeline]

03 REGULATORY SANCTIONS

The current maximum fine in the UK under the Data Protection Act is £500,000 (about $615,000 or €575,000). Under the EU GDPR, the maximum fine to an organization increases by 3,600%.

Up to 20,000,000 EUR or up to 4% of the annual global revenue of the preceding financial year in the case of an enterprise, whichever is greater.

If the companies below were found non-compliant under the EU GDPR they would have been assessed the following 4% fines based on their 2015 reported global revenue:


04 WHAT TO BUDGET FOR

PwC recently conducted a survey of 200 CIOs, CISOs, General Counsels, CCOs, CPOs and CMOs from US companies with more than 500 employees. 77% plan to spend $1 million or more on the EU GDPR. Below are 8 ways to outline your budget and prepare for May 25, 2018.

1. Data Inventory & Mapping
2. Privacy & State-of-the-Art Safe by Design and by Default
3. Solutions to Enable the Exercise of Data Subject Rights (Articles 15-22)
4. Train Employees to be GDPR Proficient
5. Incentives for Hunting Down “Rogue or Non-Obvious” Personal Data Records
6. Stress Testing GDPR Resilience of the Solutions Proposed
7. Co-ordinate and Integrate the Solutions Crowdsourced from the Business
8. Hire Both a GDPR Architect and a GDPR DPO

05 HOW STEALTHBITS CAN HELP

You need to know what sensitive data you have, where it is, and who has access to it. Governance should ensure that access is limited to those who really need it and actual access is checked against this list.

- 2016 Verizon Data Breach Investigations Report

Click on the Articles below to see how STEALTHbits maps to each EU GDPR Control.

Chapter II - Principles
- Principles relating to processing of personal data

Chapter IV - Controller and Processor
- Responsibility of the controller
- Data protection by design and by default
- Security of processing
- Notification of a personal data breach to the supervisory authority

STEALTHbits Technologies is a cybersecurity software company focused on protecting an organization’s credentials and data. By removing inappropriate data access, enforcing security policy, and detecting advanced threats, we reduce security risk, fulfill compliance requirements and decrease operations expense. To learn more, visit our EU GDPR webpage.
