Governance, Risk, & Compliance
My thoughts, observations, and readings on different facets of GRC.
Article 32: Security of processing The controller and processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk by: a) Pseudonymisation and encryption of personal data b) ensuring ongoing confidentiality, integrity, availability, and resilience of systems and services c) restoring the availability and access to personal data…
Article 25 – Data protection by design and by default A controller must: implement technical and organizational measures to protect the rights of the data subject, protect personal data at the time of implementation and design, protect personal data throughout its lifecycle, control access to that personal data. Article 47 – Binding corporate rules Any…
General Data Protection Regulation (GDPR) has come into effect on May 25, 2018. It will apply to all companies with operations in the EU region and to companies based anywhere in the world but stores and processes EU citizen data (even if the processing is done outside the EU). The failure to comply with the…