j_M007
Community Champion

Have organizations factored GDPR risk into their business impact analysis (BIA) computations?

Many organizations in the non-Euro zone seem to be sluggish at best to react to the GDPR stipulations about personal data protection. Many treat personal data as theirs to do with it as they please.

 

Are non-Euro organizations waking up to the very real business impact of data exfiltration by not performing due diligence and due care?

 

On the one hand reading the GDPR is "quaint"; on the other hand the "cough" dissuasive measures are catastrophic. 

 

A few Monday musings.

2 Replies
Flyslinger2
Community Champion

If countries can't agree on a cyber pact how do companies get the leadership they need to adopt GDPR? 

j_M007
Community Champion

True enough in the realm of cyber space, especially since each nation has its own cyber defense initiatives.

 

Trouble with GDPR, however, is that according to EU rules, noncompliance can be very costly for scofflaws. It's more an issue of protection of personal data (PII, PHI, among others.)

 

What's more, the GDPR is the baseline legislation; there is leeway for each of the Euro Member States to chime in with their own national legislation.

 

Failure to take due care can set organizations up for "dissuasive" measures, and since the European Economic Area economy is colossal (second largest in the world) ignoring GDPR might not be the best risk strategy.