The latest enterprise risk management news from around the world

The Information Security Forum (ISF) has announced the launch of the ISF GDPR Implementation Guide, which presents best practices for guiding a compliance program ahead of the European Union’s General Data Protection Regulation (GDPR). The GDPR Implementation Guide builds on the recently released ISF digest, ‘Preparing for the General Data Protection Regulation’, which summarizes the key requirements of the new legislation and lists the questions an organization needs to address to understand its GDPR readiness.

“The need for organizations to prioritize data protection and information security has never been greater. A well-funded, well-governed and enterprise-wide GDPR compliance program will demonstrate an organization’s commitment to data protection and security,” said Steve Durbin, managing director, ISF. “To get the most out of the GDPR Implementation Guide, an organization should consider its current data protection practices and how to improve those practices in line with GDPR requirements. Utilizing the GDPR Implementation Guide, organizations can better prepare, implement, evaluate and enhance their data protection activities.”

The GDPR Implementation Guide presents the ISF Approach for GDPR Compliance in two phases:

  • Phase A: PREPARE by discovering personal data, determining compliance status and defining the scope of a GDPR compliance programme.
  • Phase B: IMPLEMENT the GDPR requirements to demonstrate sufficient levels of compliance.

The ISF, in collaboration with ISF Members and other experts, has developed a structured method for achieving sufficient levels of compliance with the GDPR requirements. The ISF Approach focuses on key compliance actions that includes guidance required for an implementation plan, which can be embedded in a continuous improvement cycle. It is supplemented with practical actions, tips and reusable templates to accelerate compliance.

The GDPR Implementation Guide is intended primarily for data protection and privacy practitioners, IT, information risk and security professionals responsible for, or supporting, a GDPR compliance program.

Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.