THE SCHELLMAN ADVANTAGE BLOG

Curtain Going Up On GDPR

Written by KEVIN KISH on Mar 9, 2018

Companies have had several years to prepare for GDPR, yet many are still far from being fully compliant. With the launch deadline nearly upon us, Alan Earls reports on some final thoughts for corporate preparations.

Maybe it is just that people are reluctant to face up to bad news, like an ominous diagnosis from a physician. Or perhaps it is the broad Atlantic Ocean, which seems like it ought to provide some insulation from the long arm of European law. Whatever the reason, most experts agree that companies on the North American side of the proverbial pond are too often behind the times in preparing for the consequences of the European Union’s General Data Protection Regulation (GDPR), which sets a very high bar for privacy and data management. This new regulation affects nearly every organization that does online business with citizens of the European Union, regardless of the citizens’ or the company’s geographic location. “If you process data of an EU citizen — even if your business is located outside of Europe or that individual is outside of Europe — you need to make sure you have systems in place to be GDPR compliant,” says Christopher Rence, chief information, security, and risk officer at Digital River, a Minnetonka, Minn.-based global ecommerce, payments and marketing services company.

As with other amorphous business challenges that don’t go directly to the bottom line, motivation and communication are important. Organizational campaigns and general awareness training programs are a great way to generate buzz on GDPR and to prime staff on its wide-ranging requirements, notes Kevin Kish, privacy technical lead at Schellman & Company, Inc., a security and privacy compliance assessor. Longer term, your organization’s first line of defense is the people who interact with customers. So, Kish says, it makes sense to build a tactical, role-based training plan with department privacy leads to address how specific business units should handle data in their possession.

Read More:  www.scmagazine.com

MEET THE WRITER

KEVIN KISH

SENIOR ASSOCIATE

Kevin Kish is a Privacy Technical Lead with Schellman & Company, LLC. With nearly 8 years of industry experience, he has a strong history of implementing, maintaining, and assessing global information security and privacy requirements, including ISO 27001, HITRUST, Privacy Shield and the General Data Protection Regulation. As an industry advocate, he is passionate about researching and writing on the fundamentals and concepts of sustainable data privacy, and about educating clients on the risks, challenges, and best practices around data privacy legislation. He holds several privacy designations from the International Association of Privacy Professionals, including CIPP/US, CIPP/E, and CIPM.
