GDPR: from obligation to opportunity

By | Tuesday January 26th, 2016

The GDPR, in its final version just approved by EU Commission, Parliament and Council, introduces important changes in the responsibilities and procedures for protection and management of personal data within the EU.

Just think on the introduction of data breach, privacy by default, the obligation to define, document and monitor the framework adopted to protect personal data, the right to be forgotten and the period granted to companies to comply with the Regulation (2 years) to realize that the path to become compliant will not be easy and painless.

It is important, therefore, avoid that organizational, procedural, methodological and technological changes to be put in place to achieve compliance to GDPR, are not seen as a mere legal obligation, but rather represent a real growth opportunity for your organization.

Try to imagine the potential benefits in terms of process efficiency and resource savings if we could take this opportunity to:

  • optimize the control systems in place through rationalization and / or the integration of processes, methods and tools used for:
    • risk management;
    • Privacy/Business Impact Analysis;
    • Management of various compliances;
    • Auditing;
    • ICT security.
  • Targeted resources allocation, based on company’s risk appetite and security posture;
  • extend security solutions to be introduced / to be reviewed for compliance with GDPR even in those contexts of business that could benefit from them:
  • implement / extend an Information Security Management System;
  • Provide  innovative services and processes, relying on a secure processing of personal and business data;

Compliance with GDPR, asking for a holistic approach, can be also an excellent opportunity to create / improve the corporate culture on information security that is a prerequisite for a proactive and effective synergy between the various business functions that will be required to contribute, in various ways, to the security of personal and business data processed by the company.

Share with...Tweet about this on TwitterShare on LinkedInShare on Google+Share on Facebook
Category: Impact, Risk and Measures Tags: , , , , ,

About Andrea Longhi

Over 25 years of experience in consultancy, full dedicated within Finance, Entertainment, Transportation and Energy & Utilities industries, plus initial 5 years in an industrial automation and supervision firm. Along my professional career the experience in leading consulting firms such as Deloitte, Arthur Andersen and Capgemini has allowed me to acquire a consolidated and strong experience in the field of Security & Compliance services and to develop strong core skills: leadership, management, business development, sales and delivery. Many years of collaboration with Clusit, CSA and Enisa on topics related to enterprise security & compliance. Moderator of roundtables on security and speaker at conferences. Collaborating with the Oracle Community for Security to the planning, preparation and presentation of researches and projects on security and privacy, during the Security Summit. Founder of ConsAL, company specialized on Security and Business Discovery services, I collaborate with leading consulting firms as a business developer and management consultant in the field of ICT/ICS Security, Fraud, Compliance and Quality Management and Business Discovery.

Leave a Reply