The GDPR’s requirements were purposefully left flexible to be adaptable to many types of companies and circumstances. Sensible though the legislators’ goal of flexibility may be, it can be frustrating for data security teams to try to translate a standard into specific policies, procedures and practices, and organizations are eager to obtain prescriptive guidance. The U.K.’s Information Commissioner’s Office (ICO) has provided such guidance, and in this guest article, Hogan Lovells attorney Nathan Salminen analyzes the advice and distills the valuable insights it gives, focusing on some of the most noteworthy topics discussed including mobile devices, patching, service providers, documentation of decisions, locking down systems and devices and patching. See also “Direct From the Irish Data Commissioner: GDPR Enforcement Priorities (Part Two of Two)” (May 2, 2018).
Jan. 2, 2019
The Cybersecurity Law Report’s Most-Read Articles of 2018
Jan. 9, 2019
Ten Cyber and Privacy Resolutions for the New Year
Jan. 9, 2019
GDPR Provides Model for Privacy and Security Laws in Latin America and Asia (Part One of Two)
Jan. 16, 2019
Key Cyber Threats and Targets for 2019
Nov. 28, 2018
Insights From Uber: An Inside Look at Its Privacy Team Structure and How Legal and Tech Collaborated on Its Differential Privacy Tool
Webinar: Building a Strong Relationship Between Privacy and Information Security Teams for Effective Data Protection
Join the Cybersecurity Law Report on January 24, 2019, from 12:00pm-1:00pm EST, for a complimentary webinar about how privacy and security professionals can effectively coordinate for strong data protection programs. Dan Koslofsky, associate general counsel at Gap Inc., and Aaron Weller, co-founder and strategy VP for Sentinel LLC, will join the Cybersecurity Law Report’s Jill Abitbol to discuss, among other topics, the evolving roles of privacy and security professionals and practical examples of best practices for successful communication and coordination of efforts. Registration information is here.