The GDPR legislation that comes into force on May 25, 2018 introduces, among the various obligations of the controller of personal data, the reporting of Data Breach events to the privacy Guarantor within 72 hours (and in any case, without delay), where a data breach is any event involving a violation of the personal data stored by the data controller. This new standard will not only impact the strictly technical aspects of IT infrastructure, but will also lead to a revision of the concept of IT Governance and its processes.
Often, problems related to the GDPR are dealt with only by a technical approach. But we shouldn’t forget about the need for the good governance of the IT processes that underpin them.
It is indeed no coincidence that the legislation speaks of the need for a “procedure to test, verify and regularly evaluate the effectiveness of technical and organizational measures in order to ensure the security of the processing.”
We are clearly in the sphere of IT Governance.
One case I can mention concerns the management of incidents resulting from a Data Breach event: it must be clear that the categorization and registration of an Incident cannot be exempted from the requirement to include all the information related to the countermeasures designed to cope with such events. It’s not just about collecting and recording information (the technical part of the solution) but about integrating this information within a process and managing its lifecycle, showing that you have done your best to avoid the data privacy breach in the first place.
In this specific case, the link between the Incident and Problem processes is of fundamental importance in order to verify and confirm the validity of the remedial measures, as shown in the table below.
The table above is just a brief example of what you can do by adopting the ITIL approach in your Governance Model in order to take full advantage of the features offered by EriZone and NetEye.
By adopting a Process Approach, you can tackle the various aspects of the GDPR requirements holistically, while also understanding how your resources will be impacted by any required implementations.
From this moment on, you need to make privacy a critical part of the vision and strategy of your organization. You can use EriZone and NetEye to distribute the value of ITIL Process adoption across your network, addressing and budgeting for all aspects of GDPR.