GDPR is going to require CIOs to rethink the way they approach the business once it takes effect. Getting the implementation right is going to take some work. In an article for Forbes, Stan Christiaens explains three ways CIOs can change their thinking to take on GDPR in the future:
- Consider who is in charge.
- Think outside the box.
- Offense is the best defense.
Christiaens has this to say about considering who is in charge:
A recent survey by Compliance Week asked organizations about who oversees GDPR compliance. The results reveal that 45% of organizations believe that security/compliance is in charge, 34% say that legal is in charge and 21% claim IT is responsible. But this was actually a trick question. The real answer should be all of the above — and more. Complying with the GDPR involves four key components: people, process, technology and data. So in addition to the teams listed above, you should also involve, at a minimum, HR and the office of the CDO.
Another thing CIOs must do is reevaluate existing attitudes toward security and start treating security as just another dimension that must be addressed and satisfied when creating new processes. It’s similar to how companies have “gone green”; you can also go “data secure.” GDPR is focused on locking down and securing data, so you can meet GDPR’s requirements by getting aggressive with how you build up your data infrastructure.
For a longer explanation, you can view the original article here: https://www.forbes.com/sites/forbestechcouncil/2017/09/28/why-cios-might-be-thinking-about-gdpr-compliance-all-wrong/