GDPR: Are CISOs ready for data breach fines and security notifications?

The incoming GDPR imposes a number of major changes that will directly affect Chief Information Security Officers (CISOs) and their information security teams. Perhaps the two biggest changes outlined by GDPR are the introduction of mandatory security notifications and data breach fines.

Organisations in the EU have previously been under no obligation to report security incidents, but GDPR introduces an obligation to report any security incidents to their local data protection authority (DPA) within 72 hours. This is no mean feat, considering that most data breaches reportedly go undetected in business networks for months at a time.

Furthermore, the danger of these organisations facing significant data breaches is very real. GDPR gives data protection authorities the power to levy fines of up to 4% of global annual turnover for a corporate group (or a total of €20 million), figures which could put some companies out of business.

In this Micro Focus roundtable, leading experts discuss how CISOs can prepare for these pivotal changes, from the need for security monitoring tools to the importance of liaising closely with regulators in the event of a security incident.
