What steps should an organisation take to comply with GDPR? Cyber security journalist Edward Lucas explains.
According to Edward Lucas from The Economist, the Data Protection Officer (DPO), reporting to the CISO, the General Counsel, or the Chief Risk Officer, will be a key part of any cyber security strategy under the GDPR. DPOs need to have the authority to make changes to cyber security processes and to invest in cyber defences. The advent of GDPR adds urgency and organisations need to assess the data they have, the processes they have in place to prevent cyber security breaches, and the processes for monitoring and detecting a cyber incident should one happen.