The Information Security Forum (ISF) has announced the launch of the ISF GDPR Implementation Guide, which presents best practices for guiding a compliance program ahead of the European Union’s General Data Protection Regulation (GDPR). The GDPR Implementation Guide builds on the recently released ISF digest, ‘Preparing for the General Data Protection Regulation’, which summarizes the key requirements of the new legislation and lists the questions an organization needs to address to understand its GDPR readiness.
“The need for organizations to prioritize data protection and information security has never been greater. A well-funded, well-governed and enterprise-wide GDPR compliance program will demonstrate an organization’s commitment to data protection and security,” said Steve Durbin, managing director, ISF. “To get the most out of the GDPR Implementation Guide, an organization should consider its current data protection practices and how to improve those practices in line with GDPR requirements. Utilizing the GDPR Implementation Guide, organizations can better prepare, implement, evaluate and enhance their data protection activities.”
The GDPR Implementation Guide presents the ISF Approach for GDPR Compliance in two phases:
- Phase A: PREPARE by discovering personal data, determining compliance status and defining the scope of a GDPR compliance programme.
- Phase B: IMPLEMENT the GDPR requirements to demonstrate sufficient levels of compliance.
The ISF, in collaboration with ISF Members and other experts, has developed a structured method for achieving sufficient levels of compliance with the GDPR requirements. The ISF Approach focuses on key compliance actions that includes guidance required for an implementation plan, which can be embedded in a continuous improvement cycle. It is supplemented with practical actions, tips and reusable templates to accelerate compliance.
The GDPR Implementation Guide is intended primarily for data protection and privacy practitioners, IT, information risk and security professionals responsible for, or supporting, a GDPR compliance program.