With GDPR coming into effect on May 25, 2018, any organization handling EU citizens' personal data should be prepared to comply with stricter privacy regulations or be ready to pay fines of up to four percent of its global annual revenue or €20,000,000. This is a substantial penalty for non-compliant companies, and it does not apply only to companies based in Europe: it applies to ALL companies globally that do business in the EU. With just months remaining, the clock is ticking for companies to become compliant. Let's explore what is covered by GDPR and how it may impact your organization, answering questions such as: Do I need to have a DPO? I don't do business directly in the EU, so when does GDPR affect me? What data is affected? While vendors have pushed a compliance theme, we will cover why GDPR is not about compliance but about changing key processes and procedures such as incident response.
With over 25 years of experience, Thomas Fischer (@FVT) has a unique view on security in the enterprise, with experience across multiple domains from risk management and secure development to incident response and forensics. Thomas has held roles ranging from incident responder to security architect at Fortune 500 companies, industry vendors and consulting organizations. Thomas currently plays a lead role in advising customers while investigating malicious activity and analyzing threats for Digital Guardian. Thomas is also an active participant in the infosec community, not only as a member but also as a director of Security BSides London and as an ISSA UK chapter board member.