May 18th: The birthday of the DPO

The importance of the European Global Data Protection Regulation and its implications for cybersecurity in America.


What does May 18th, 2018 mean to you? If you conduct business with European individuals or businesses, it is time to hire a Data Protection Officer (DPO). The European General Data Protection Regulation is 11 months away. This regulation is intended to strengthen and unify data protection for all individuals within the EU. It also addresses the export of personal data outside the EU. The primary objectives of the GDPR are to give citizens and residents back control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

This regulation embodies the nexus between privacy and cybersecurity via “protection”. GDPR will eliminate plausible deniability, as the penalties for non-compliance, i.e. lack of protection, will equate to 4% of revenue. This is a game changer. No longer will cybersecurity be viewed as an expense; now it will become a functionality of conducting international business.

The GDPR requires that a Data Protection Officer be hired at the C-level. This DPO position requires thoughtful consideration of the candidate. My greatest concern is that corporations will assign this historic role to a lawyer from the compliance department. That would be a travesty. May 18, 2018 is the day that has arrived for the CISO community. You should begin your tactful conversations with your C-suite now, as the DPO position should be the career path for CISOs.

Once we embrace this reality, we must begin the dialogue about the definition of protection. It has become obvious that protection is not merely encryption or compliance with cybersecurity standards. Protection should include those elements, but it should be modernized to include intrusion suppression. Adequate protection should incorporate dynamic, real-time reaction to cyber intrusions. Pivoting to a strategy of intrusion suppression will improve protection and limit the impact of a breach. By stifling the adversary’s exfiltration of meaningful data, an organization will protect the reputation of the brand and allow the organization to be GDPR compliant. It is my sincere hope that this column will begin a thoughtful dialogue about the definition of protection. May 18th, 2018 will be historically significant for our industry and hopefully for you, Mr. or Mrs. DPO.

“Not all the armies of the history of the world can stop an idea whose time has come.” –Victor Hugo.

This article is published as part of the IDG Contributor Network.