GDPR: Risk, opportunity and what it means for security professionals
The EU General Data Protection Regulation (GDPR) enters into force in May 2018 and represents the most significant development in privacy legislation for a generation. Many commentators choose to focus on its increased financial penalties, presenting it as a regulatory risk and, often, a problem for the information security function to deal with. This point of view is inherently flawed. Security is only one aspect of the Regulation and its fundamental security requirements remain largely unchanged. Security is important, of course, but GDPR is evolutionary, not revolutionary, in this regard. This article discusses why GDPR is necessary, what it means for security professionals and how it can be approached from a positive perspective.