Tweetchat Roundup: GDPR Commentary

July 19, 2017 | Javvad Malik

GDPR, the General Data Protection Regulation, invokes mixed feelings in everyone who hears of it. It represents a large change in how the data of EU citizens and residents is handled, both by data controllers and by data processors.

So, it made sense to limber up our tweeting thumbs, break out the #AlienChat hashtag and seek the opinion of the twitterati.

But this wasn’t something we could do ourselves, so we drafted in special guests Quentyn Taylor, Director of Information Security at Canon EMEA, and data protection and privacy expert Rowenna Fielding of Protecture.

Concerns

We didn’t waste time in trying to understand the challenges and main concerns of participants.


Rowenna pointed out that organisations treating GDPR purely as a compliance, legal or IT matter is a challenge, and one that will likely cause them issues. That sentiment was echoed by Sarah Clarke, who added that companies tend not to factor in issues like contracts and due diligence.

Carl “The GDPR guy” Gottlieb also weighed in on the lack of clarity around the ePrivacy regulation.


72 hours to comply

The 72-hour breach notification rule seems to be a hot topic for many organisations. Rowenna clarified that breach notification applies only where there is an impact on individuals’ rights or freedoms, the scope of which extends far beyond financial data.

But as Kate Brew pointed out, in many large organisations, it can take 72 hours just to schedule a meeting.

Dead or alive?

The scope of GDPR is still a bit uncertain for some, so we sought to determine in what contexts GDPR applies. Apparently, the dead are exempt from it, so funeral directors losing a list of the deceased would be exempt.

It is also worth bearing in mind that GDPR applies to EU citizens and residents no matter where the controller or processor is based.

Steps to prepare for GDPR

There isn’t much time left to implement GDPR, so we asked the expert participants what steps companies can or should be taking to prepare for it.

But I’m already compliant

If a company is already compliant with an existing security standard such as PCI DSS or ISO 27001, the question remains as to whether it would need to do anything additional for GDPR.

Quentyn and Rowenna were in full agreement with their responses.

In summary

We thoroughly enjoyed our tweetchat; it was engaging, lively, and full of wisdom. We’d like to extend our thanks to all the participants who contributed their knowledge and added to the discussion.

For a fuller record of the conversations that transpired, check out this Twitter Moment.

About the Author: Javvad Malik
The man, the myth, the blogger: Javvad Malik is a London-based IT security professional. He is an active blogger, event speaker and industry commentator, and is perhaps best known as one of the industry’s most prolific video bloggers, with his signature fresh and light-hearted perspective on security. Prior to joining AlienVault, Javvad was a senior analyst with 451 Research, providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.