The Information Security Forum (ISF) today announced the release of the ISF GDPR Implementation Guide, the organizations latest digest which presents best practices for guiding a compliance program ahead of the European Union’s General Data Protection Regulation (GDPR). The GDPR Implementation Guide builds on the recently released ISF digest, Preparing for the General Data Protection Regulation, which summarizes the key requirements of the new legislation and lists the questions an organization needs to address to understand its GDPR readiness.
The GDPR is the biggest upheaval of global privacy law in more than two decades. With enforcement beginning on May 25, 2018, the GDPR represents the culmination of years of effort to modernize data protection. The GDPR applies to personal data relating to European Union (EU) residents regardless of where it is processed. It redefines the scope of EU data protection legislation, forcing organizations on a global scale to comply with its requirements. With potential compliance costs and fines of up to 4% of annual turnover, the GDPR may affect an organization’s corporate risk profile, and it is crucial for organizations to understand this impact as soon as possible.
“The need for organizations to prioritize data protection and information security has never been greater. A well-funded, well-governed and enterprise-wide GDPR compliance program will demonstrate an organization’s commitment to data protection and security,” said Steve Durbin, Managing Director, ISF. “To get the most out of the GDPR Implementation Guide, an organization should consider its current data protection practices and how to improve those practices in line with GDPR requirements. Utilizing the GDPR Implementation Guide, organizations can better prepare, implement, evaluate and enhance their data protection activities.”
The GDPR Implementation Guide presents the ISF Approach for GDPR Compliance (the ISF Approach) in two phases:
- Phase A: PREPARE by discovering personal data, determining compliance status and defining the scope of a GDPR compliance programme.
- Phase B: IMPLEMENT the GDPR requirements to demonstrate sufficient levels of compliance.
The ISF, in collaboration with ISF Members and other experts, has developed a structured method for achieving sufficient levels of compliance with the GDPR requirements. The ISF Approach focuses on key compliance actions that includes guidance required for an implementation plan, which can be embedded in a continuous improvement cycle. It is supplemented with practical actions, insightful tips and reusable templates to accelerate compliance.
“Data protection and legal compliance should not be perceived solely as a burden. The GDPR provides organizations with an opportunity to move programs beyond risk reviews and data analysis to deliver tangible operational change, thereby securing competitive advantage,” continued Durbin. “While every organization should judge the risks and rewards of its own data protection investments, the GDPR offers a unique opportunity to translate necessary compliance actions into tangible business benefit. Leading organizations are structuring GDPR compliance programs to exploit these opportunities and our GDPR Implementation Guide offers a method for doing just that.”
The GDPR Implementation Guide is intended primarily for data protection and privacy practitioners, IT, information risk and security professionals responsible for, or supporting, a GDPR compliance program. Organizations should consider the ISF resources related to this Guide including Preparing for the General Data Protection Regulation – Digest, The Standard of Good Practice for Information Security 2016 and Protecting the Crown Jewels: How to secure mission-critical information assets. Additional information is available now to ISF Member companies via the ISF website.
About the Information Security Forum
Founded in 1989, the Information Security Forum (ISF) is an independent, not-for-profit association of leading organizations from around the world. The organization is dedicated to investigating, clarifying and resolving key issues in cyber, information security and risk management and developing best practice methodologies, processes and solutions that meet the business needs of its Members.
ISF Members benefit from harnessing and sharing in-depth knowledge and practical experience drawn from within their organizations and developed through an extensive research and work program. The ISF provides a confidential forum and framework, which ensures that Members adopt leading-edge information security strategies and solutions. By working together, ISF Members avoid the major expenditure required to reach the same goals on their own. Consultancy services are available and provide ISF Members and Non-Members with the opportunity to purchase short-term, professional support activities to supplement the implementation of ISF products.
For more information on ISF membership, please visit https://www.securityforum.org/.