The new mindset for C-suite executives is to see data protection as a continual evaluation and strengthening of cyber security standards, rather than a one-off effort. In particular, Article 32 stipulates that both the ‘controller’ and the ‘processor’ of data shall “implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk”.
Emma Wright, partner with technology law firm Kemp Little, advises her corporate clients to adopt a ‘privacy by design’ approach, in the same way that cyber security by design is becoming the new normal. For companies, the onus to demonstrate ‘intent’ means, in practice, that “there must be a two-way flow of information between the ground and the boardroom, continuously revised to raise best practice,” she says.
To mitigate this risk and ensure data is protected consistently throughout a supply ecosystem, cyber risk management advisor Coalfire recommends a thorough audit of the entire supply chain, plus periodic spot checks. These bolster strategic relationships and foster good security behaviour and mutual vigilance, says managing director Andrew Barratt.
Audit trails may be getting more convoluted and complex, but automation will play a bigger part in compliance. Assisting an always-on approach to data protection is a plethora of auditing tools and frameworks, such as DXC Technology’s Cyber Reference Architecture (CRA). Governance will ensure compliance efforts are joined up, and data protection and cyber security teams must work together with procurement in events such as M&As.
If the benefits of greater visibility, transparency and mutually supportive business relationships aren’t sufficient incentive for executives, there’s another stick in GDPR. A 72-hour notification clause makes it obligatory for all organisations, not just telcos, to report breaches. Cyber insurance will partly cover that eventuality, but there’s no doubt that the C-suite will need to re-engineer compliance, GDPR and more, for new times.
Author: Helen Beckett
Helen Beckett is the Community Manager of the Business Value Exchange. She has been a writer and editor for over 20 years and takes a particular interest in the challenges facing the CIO in today’s business climate.