Dark Reading is part of the Informa Tech Division of Informa PLC

12/18/2019
01:00 PM
Terry Sweeney

5 Pieces of GDPR Advice for Teams Without Privacy Compliance Staff

Are you an army of one tasked with compliance and data privacy? Try these tips to get you and your organization in alignment with regulators.

Learn the Basics

Of course you want to get up to speed fast: The prospect of fines, bad publicity, or lost business is plenty of incentive to be as informed as possible about GDPR and data privacy. But you still have your regular job to do, and devoting all your time to GDPR compliance simply won't fly.

Still, there's no denying that getting up to speed is going to require time and extra attention. The good news: Nobody we contacted for this article said, "Make sure that you read the entire text of the GDPR legislation."

"Yes, being familiar with the GDPR text is useful," observes Rebecca Herold, CEO of the Privacy Professor, a security consultancy. "Do a scan through the GDPR regulation. Get a feel for what is within the regulation." She also advises becoming familiar with what GDPR is asking for and not relying only on vendors and other third parties to educate you.

Herold recommends bookmarking guidance and practical advice from the EU's data protection authorities (DPAs). Among her recommendations:

GDPR: Guidelines, Recommendations, Best Practices: The best place to start, with deep dives into key topics like the right to be forgotten, how to handle a data privacy impact assessment, and managing personal data, for starters.

European Data Protection Board Members: Where – and whom – to turn to in EU member states for guidance and inquiries.

Guidelines on Data Protection Officers (DPOs): Your organization will likely need to designate a DPO as the go-to person for data privacy, reporting, and ensuring guidelines are followed.

Terry Sweeney is a Los Angeles-based writer and editor who has covered technology, networking, and security for more than 20 years. He was part of the team that started Dark Reading and has been a contributor to The Washington Post, Crain's New York Business, Red Herring, ...
