Book Review: GDPR Compliance
GDPR: How to Achieve and Maintain Compliance. By Andrew Denley, Mark Foulsham, ad Brian Hitchen. Routledge; routledge.com; 212 pages; $39.95.
Cybersecurity professionals say there are two types of network operators—those who know there’s been a cybersecurity breach and those who have yet to discover there’s been a security breach. The question is not “if” but “when” the next network breach will occur.
The General Data Protection Regulation (GDPR) is a recent law intended to improve upon and better define the protection of personal data. It establishes fines for organizations that fail to maintain technical or organizational safeguards for protecting personal data. Primarily directed towards the European Union (EU) and European Economic Area (EEA) countries, it also impacts any international organization that exports, maintains, or collects EU privacy data outside the region.
Written to help those who manage data, GDPR: How to Achieve and Maintain Compliance provides clear and concise information in an easy-to-read format. Why should a non-European business care about EU privacy data? The answers are found throughout this book, which includes numerous references to articles and recitals in each chapter.
Chapters cover GDPR principles, awareness, and information security best practices. The book provides the foundation necessary for establishing proper security protocols and offers clear and concise procedures for maintaining those protocols and achieving operational cybersecurity.
The authors have more than 90 years of combined experience in complying with security requirements and thereby avoiding hefty penalties. Chief information officers, data protection officers, and individuals that process or control EU privacy data would be prudent to review the information in this book and use it like a checklist to protect data in their possession, data-based systems, and potentially the reputation of the business.
Reviewer: Mark A. Terry, CPP, PCI, PSP, CISSP, is the security and protection manager for a U.S. Army Criminal Investigation HQ that encompasses the Western United States and Asia Pacific Rim. He is a member of the ASIS School Safety and Security Council and the Global Terrorism, Political Instability, and International Crime Council. He also serves as the Puget Sound Chapter’s secretary.