In order to get ready for the General Data Protection Regulation, companies need to thoroughly review their existing security measures and information-security frameworks. Because the GDPR is meant to be technology neutral, it provides very little guidance on these topics. As such, it certainly seems wiser and more rational to use existing solutions provided by National Institute of Standards and Technology publications than to wait until more EU guidelines would be available. “Later you could further build on what you already have, rather than start from scratch,” writes Piotr Foitzik, CIPP/E, in this exclusive how-to for The Privacy Advisor.
If you want to comment on this post, you need to login.