Why you need a data protection officer
With enforcement of the European Union’s General Data Protection Regulation (GDPR) set to begin on May 25, 2018, organizations that handle any personal data relating to EU residents must begin preparing now, if they haven’t already.
Most organizations will need to designate a data protection officer (DPO), says Steve Durbin, managing director of the Information Security Forum (ISF), a global, independent information security body that focuses on cyber security and information risk management.
“The GDPR is putting data protection practices at the forefront of business agendas worldwide,” Durbin said in a statement earlier this month. “Its scope is unmatched by any other international law, and we estimate that more than 98 percent of ISF members will be affected by its requirements because they process the personal data of EU residents, or are based in the EU. For most organizations, the next 18 months will be a critical time for their data protection regimes as they determine the applicability of the GDPR and the controls and capabilities they will need to manage their compliance and risk obligations.”