What are some of the complexities of the EU's General Data Protection Regulation, which will be enforced beginning May 25, 2018? U.S.-based Gerald Beuchelt, CISO at LogMeIn, a global provider of software-as-a-service and cloud-based remote connectivity services, offers compliance insights in an interview with Information Security Media Group.
"One of the interesting areas that we have been looking at ... was to fully understand our data processing processes," he says. "What are we actually doing with the data? Where does it come from? Where does it go to? Who has access to particular aspects of that? What is it being used for? We are obligated to be very transparent about our data processing activities."
Beuchelt emphasizes that GDPR compliance needs to be driven from the top.
"There needs to be a full commitment from the company leadership - the executive team, the CEO, the board of directors. ... [GDPR] needs to be really driven down into every single department to validate that the requirements are fulfilled, that the rights of the data subjects under GDPR are maintained and that overall any kind of data processing activity ... takes place in a secure way."
In this interview, Beuchelt also discusses:
- Misconceptions about GDPR;
- Lessons from compliance with other regulations;
- Sorting through data protection and data privacy issues.
Beuchelt, the CISO at LogMeIn, is based in the U.S. He previously was the chief security officer at Demandware, a Salesforce company. There he was responsible for leading the development, implementation and management of the corporate information security governance and management framework.