The GDPR’s requirements were purposefully left flexible to be adaptable to many types of companies and circumstances. Sensible though the legislators’ goal of flexibility may be, it can be frustrating for data security teams to try to translate a standard into specific policies, procedures and practices, and organizations are eager to obtain prescriptive guidance. The U.K.’s Information Commissioner’s Office (ICO) has provided such guidance, and in this guest article, Hogan Lovells attorney Nathan Salminen analyzes the advice and distills the valuable insights it gives, focusing on some of the most noteworthy topics discussed, including mobile devices, patching, service providers, documentation of decisions, and locking down systems and devices. See also “Direct From the Irish Data Commissioner: GDPR Enforcement Priorities (Part Two of Two)” (May 2, 2018).
Feb. 27, 2019
Preparing for the CCPA: Securing Buy-In and Setting the Scope
Mar. 6, 2019
Preparing for the CCPA: Best Practices and Understanding Enforcement
Jul. 18, 2018
What to Expect From California’s Expansive Privacy Legislation
Mar. 13, 2019
Takeaways From 2018 COPPA Developments and a Forward-Thinking Approach to Compliance
Mar. 13, 2019
Essential M&A Cybersecurity Due Diligence Questions
Measuring the effectiveness of a compliance program can be tricky, but some companies are finding ways to use their existing internal controls to generate useful data. Join our sister publication the Anti-Corruption Report (ACR) for a complimentary webinar that explores Hewlett Packard Enterprises’ new travel-and-entertainment-approval tool. On Wednesday, March 27, 2019, from 1:00 p.m. to 2:00 p.m. EDT, the ACR’s Megan Zwiebel will interview Becky Rohr, vice-president of anti-corruption and global trade at Hewlett Packard Enterprises, about how they are using their T&E tool to measure and improve compliance. Registration information is here.