The EU’s General Data Protection Regulation (GDPR) is reshaping the way that organizations think about data security, as well as driving them towards better information governance. This paper highlights key aspects of GDPR for security professionals – aspects to investigate as you ensure that your security planning is fully aligned with your organization’s GDPR plans. This alignment is essential because data security is implicit in GDPR – after all, without security, personal data cannot be private, and personal data privacy is what the GDPR is all about.
The paper also addresses the important role of IT security professionals in driving the necessary shifts in the organizational mindset. For GDPR compliance, organizations should recognize that the personal data which they have painstakingly collected is not theirs to do with as they wish. Under GDPR, our personal data is ours – the organizations we share it with are its guardians or stewards, not its owners, and they must collect, store and use it in a trustworthy manner.