GDPR Deadline is Approaching. How is Your Organization Preparing

Re: GDPR Deadline is Approaching. How is Your Organization Preparing

(ISC)² Team

The GDPR deadline is approaching fast. We’re less than a week away from May 25. In light of this, we wanted to share with all of you what we are doing and give you a chance to share your successes (or maybe find a little last-minute motivation).

Let’s start with a little background. Here at (ISC)², privacy is a hallmark of our mission to inspire a safe and secure cyber world. We see GDPR as an opportunity to enhance privacy and data protections for ALL (ISC)² members and candidates – not just those in the European Union.

From email communications to privacy policies, we know GDPR affects many organizational operations. We’re committed to full compliance, and we’ve revisited and made enhancements to our processes to ensure we’re always acting in accordance with the strictest regulations.

We’re proud to have always been committed to treating our members and candidates with respect to their privacy and personal communication preferences. This includes only sending digital communications they’ve given their explicit consent to receive. In honor of GDPR, we revisited our processes to ensure we continue to provide transparency for both (ISC)² members and candidates.

Now that we’ve got some of the background out of the way, we can get into the finer details. Here’s what we have put in place: a redesigned Communications Preferences Center to give our audience better control of their email inbox. Members and candidates can visit the page and customize subscriptions to receive the information they find most valuable. We’ve also updated our privacy policy and made sure it is easily accessible on our website.

We’ll continue to improve upon our processes and policies after the May 25 GDPR deadline. We strive to earn and maintain the trust of our members and our candidates. At (ISC)², security is our purpose, people our passion, and that is true across all we do.

Now we turn it over to you! Tell us how things are progressing for you. Need a little inspiration on what to share? Here are a few questions to think about: What is your organization doing to prepare for GDPR? How long have you been preparing? Do you feel like your organization is ready for the deadline? We’d love to hear your experiences, and any tips you may want to share with your infosec and cybersecurity peers.

3 Comments
Reader I
We're already seeing some impacts to ideas we had on collecting personal information for a similar association. We wanted to obtain DOB (date of birth) to help us segment our members to identify "next-gen" or Millennials so we can better understand who is joining and leaving our chapter. While we are US-based, there are growing chapters in Europe. So we have to be mindful in collecting personal information. Much more thought is going into our transformation efforts in light of the GDPR deadline and privacy implications.
Viewer II

As with many companies, I see at my client-side company that the deadline is coming too early. Here in the Netherlands you see in the news that many companies will not be ready on THE date.

Is that a bad thing? I don't think so myself. As long as you have serious intentions to arrange it all in the coming months and can show this in a project or year plan.

Meanwhile the urge for more data protection officers is growing fast!

Greetings, Karl

Viewer

If a company has no dealings with the EU and has no EU clients, does that mean it is not required to be in compliance with GDPR?

But what if the company is a vendor-management-based company, its client's employee is from the EU, and there is no collection of personal information either; does that mean this company has to be in compliance?

Given the same scenario as above, where this company's client's employee is from the EU, but this time there is collection of personal information, does that mean this company has to be in compliance?

But I do understand that as long as you have a website on the World Wide Web, you will need to ensure no personal data is collected from the website itself.

"Personal data means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person"

From https://www.sans.org/security-awareness-training/gdpr