The importance of the European Global Data Protection Regulation and its implications for cybersecurity in America.

What does May 18th, 2018 mean to you? If you conduct business with European individuals or businesses, it is time to hire a Data Protection Officer (DPO). The European General Data Protection Regulation is 11 months away. This regulation is intended to strengthen and unify data protection for all individuals within the EU. It addresses the export of personal data outside the EU. The primary objectives of the GDPR are to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

This regulation embodies the nexus between privacy and cybersecurity via “protection”. GDPR will eliminate plausible deniability, as the penalties for non-compliance (i.e., lack of protection) will equate to 4% of revenue. This is a game changer. No longer will cybersecurity be viewed as an expense; now it will become a functionality of conducting international business.

The GDPR requires that a Data Protection Officer be hired at the C-level. This DPO position requires thoughtful consideration of the candidate. My greatest concern is that corporations will assign this historic role to a lawyer from the compliance department. That would be a travesty. May 18, 2018 is the day that has arrived for the CISO community. You should begin your tactful conversations with your C-suite now, as the DPO position should be the career path for CISOs.

Once we embrace this reality, we must begin the dialogue on the definition of protection. It has become obvious that protection is not merely encryption or compliance with cybersecurity standards. Protection should include those elements but it should be modernized. intrusion suppression. Adequate protection should incorporate dynamic real-time reaction to cyber intrusions.
Pivoting to a strategy of intrusion suppression will improve protection and limit the impact of a breach. By stifling the adversary’s exfiltration of meaningful data, an organization will protect the reputation of the brand and allow the organization to be GDPR compliant.

It is my sincere hope that this column will begin a thoughtful dialogue on the definition of protection. May 18th, 2018 will be historically significant for our industry and hopefully for you, Mr. or Mrs. DPO.

“Not all the armies of the history of the world can stop an idea whose time has come.” –Victor Hugo