There’s a lot of confusing rhetoric around GDPR (General Data Protection Regulation). I’d like to help clear up some of it. I’m not a GDPR expert; however, I am a CISO with pretty deep experience in the implementation of risk management and information security programs. I lead my own organization’s GDPR readiness activities, and I’ve studied, and passed, the C-GDPR-P Data Protection Officer/DPO certification.
A part of my job is to engage with security executives at a peer level: roundtables, focus groups, you get the picture. Despite my attempts to drive conversation down the path of cloud security, malware analysis, and micro-perimeterization, it seems that GDPR is the hottest subject at the moment.