GDPR Requires 'Continuous' Compliance
Peter Beardmore of RSA on Going Beyond a Checklist Approach
Europe's General Data Privacy Regulation, which will affect organizations worldwide, will force them to move from "static" to "continuous" compliance, says Peter Beardmore of RSA.
For example, affected companies will have to continually ensure they're well-equipped to notify authorities of a breach within 72 hours, as GDPR requires, he points out.
Organizations also need to go far beyond a checklist approach to complying with GDPR and other regulations, conducting frequent risk assessments and addressing gaps identified, he adds.
In a video interview at Information Security Media Group's recent Toronto Fraud and Breach Prevention Summit, he also discusses:
- The change in regulations from prescriptive to holistic;
- Why continuous assessment of data will be crucial under GDPR;
- The importance of leveraging the NIST cybersecurity framework.
Beardmore, director of corporate marketing at RSA, has nearly two decades of IT, security and software marketing and business development experience. He began his career as a Signal Corps Officer in the U.S. Army. Prior to joining RSA, he held other key product marketing roles in the security industry.