ISACA’s New Privacy Guidance Provides 10 Tips for Tackling GDPR Implementation Using COBIT
Rolling Meadows, IL, USA (30 August 2017)—According to a new ISACA survey of senior executives and boards of directors, fewer than one-third are satisfied with their organization’s progress to prepare for GDPR. A concerning 35% are not aware of their organization’s progress.
To help organizations tackle GDPR compliance and better protect the data privacy of its stakeholders, global association ISACA has issued 10 tips for GDPR implementation using the COBIT governance framework. Among the tips:
- Develop a sense of urgency—gaining executive-level support is key.
- Think of GDPR as an opportunity—remember that the organization exists to create value for stakeholders, and applying the GDPR requirements adds value.
- Inventory the organization’s current governance frameworks and practices, including the data protection plan.
- Appoint a data privacy officer (DPO).
- Plan and rehearse incident response plans.
These tips and more are available in Adopting GDPR Using COBIT 5, available as a free download at www.isaca.org/privacy. ISACA will offer a free GDPR webinar on 17 September 2017. Rebecca Herold, the Privacy Professor, will present “How to Perform GDPR Data Protection Impact Assessments.”
“GDPR is more aggressive than previous privacy requirements, with tougher consequences for violation. It also doesn’t define what ‘reasonable’ means in terms of the required level of personal data protection, which gives the GDPR governing body wide latitude when it comes to assessing fines for noncompliance,” said Mark Thomas, CGEIT, CRISC, author of ISACA’s GDPR paper and president of Escoute Consulting. “Companies equipped with a solid governance structure have already won half the battle. For those without, this is an important driver for adopting one.”
ISACA has also issued a new book titled Implementing a Privacy Protection Program. This book provides practical guidance on using COBIT to support key privacy principles and achieve enterprisewide protection of personal information. This publication provides good privacy practices all organizations should be following, regardless of whether they are impacted by GDPR.
Additional privacy resources ISACA offers include:
- Privacy Principles and Program Management Guide
- Data Privacy Audit/Assurance Program
- Chicago Training Week
More information is available at www.isaca.org/privacy.
Nearing its 50th year, ISACA (isaca.org) is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organizations. ISACA leverages the expertise of its half-million engaged professionals in information and cyber security, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI Institute, to help advance innovation through technology. ISACA has a presence in more than 188 countries, including more than 215 chapters and offices in both the United States and China.
Michelle Micor, +1 .847. 385.7217, firstname.lastname@example.org
Kristen Kessinger, +1.847.660.5512, email@example.com