ISACA Now Blog

GDPR Working Group Hard at Work to Help You Navigate Implementation

Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, past chair of the ISACA board of directors, group director of Information Security for INTRALOT
Posted at 3:03 PM by ISACA News | Category: ISACA

It is with great delight that I announce the formal launch of ISACA’s GDPR Working Group. As the chair of the group, I have the pleasure of making this announcement. We have an impressive group of professionals, all of whom have experience in their day jobs implementing GDPR, guiding us through the process as we prepare deliverables for ISACA’s global professional community over the next few months.

The General Data Protection Regulation (GDPR) goes into effect 25 May, 2018. We understand the importance of the new regulation and the need for our members to understand and implement it. Our members are developing a GDPR Implementation Guide that will be available in early 2018 and can be used to help work your way through key steps in GDPR implementation in your organization. It will focus on key aspects of the regulation where ISACA has expertise, such as data governance, processing personal data, data portability, appropriate and adequate security and organizational measures (COBIT).

GDPR was a major topic of discussion at the recent CSX Europe conference. Joanna Karczewska and Graham Carter presented on, and I moderated, a panel with Paul Jordan, Managing Director, International Association of Privacy Professionals, and Andreas Mitrakas from ENISA. ISACA Board Director Michael Hughes also conducted an individual session on GDPR Business Implications. We are planning to produce and share a video on the panel discussion in the near future.

The working group has a face-to-face meeting coming up in early December where we will solidify additional plans for the coming months. We are divided up into workstreams and will focus on key areas. Some initial plans include:

  • GDPR Position Statement and Position paper – Create a core ISACA position and position statement, which we are planning to leverage in meetings with government officials in 2018.
  • In the UK, ISACA’s public affairs team will be engaging with Parliament around the Data Protection Bill as it progresses through Parliament – should it continue through 2018.
  • International support – As part of the GDPR working group face-to-face meeting, we wanted to determine specific activities for the international workstreams – partnering perhaps with ISACA chapters, chapters of IAPP partner events, etc. Right now, we have a PowerPoint deck that could be tailored by region.
  • International Launch Celebration, May 2018 in Brussels – Consider partnership with another organization to raise awareness about the importance of good cyber security practice to ensuring compliance.

I am deeply appreciative of the working group’s efforts to date and enthused about the progress to come. Members of the working group are:

  • Laszlo Dellei, CISA, CGEIT, CRISC
  • Michael Hughes, CISA, CGEIT, CRISC
  • Joanna B. Karczewska, CISA
  • Scott Rosenmeier, CISA, CISM, CGEIT, CRISC
  • Dr. Marc Vael, CISA, CISM, CGEIT, CRISC
  • Graham Carter, CISA, CGEIT
  • Urs Fischer, CISA, CRISC
  • Dragan Jovicic, CISA
  • Dr. Henrique Eduardo Lopes Pereira Necho, CISA
  • Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC
  • Patric J.M. Versteeg, CISA, CISM, CGEIT, CRISC, CSXP

The group is led by ISACA staff Tara Wisniewski and Jennifer Gremmels.

Additionally, ISACA internal staff has formed a cross-functional taskforce to share resources and collaborate on GDPR projects from other departments across the organization to ensure alignment. We look forward to ongoing discussions with this team and identifying new offerings our members can benefit from on an ongoing basis.

We will report regularly as updates become available. In the meantime, I encourage you to view ISACA’s current GDPR resources.
