My original title was “Data Security vs Data Protection[…]”, but an unfortunate number of people see these as pretty much the same thing, even interchangeable. Then I chose Cybersecurity instead of Data Security but that doesn’t cover all forms/formats of personal data, so I finally had to settle on Information Security.
As for Data Protection, it’s not, in and of itself Privacy, and so on…
Well, here we are, close of business May 25th, and oh look!, the sun is still shining, the world is still spinning, and no one [decent] went out of business.
What we do have however is an indication of who the world’s biggest muppets are. For example:
Even as a data protection novice, the GDPR makes sense to me. I get it. I may be partly wrong in some assumptions, but I am comfortable enough in my understanding of the intent of the Recitals and Articles to ask the right people the right questions.
All, that is, with the exception of Recital 80 / Article 27 – Representatives.
If you’re reading this, you likely fall into 1 of 3 camps:
- You are horrified at the concept and can’t wait to tear me a new one;
- You actually think I may be able to help you make lot of money; or
- You know me and realise that the title is nothing but click-bait
If 1., then good for you, I would do the same. If 2., then you’ve come to the wrong place unless you’re prepared to put in significant effort. If 3., then you’re right! 🙂
This is the final part in my GDPR Step-by-Step series, and one that, in my cynicism, I see very few organisations even trying to attempt. I have lost count of the number of companies with whom I have tried to implement a continuous compliance program, only to have them stop once they received their initial ‘certification’. In this respect, GDPR will be no different from something like PCI.