GDPR - why a CISO!

Why do I need a CISO? 

Despite significant attempts to create an adequate level of awareness, many organizations are still wondering how to tackle GDPR.

The way the regulation is written leaves doors open, although the Article 29 Data Protection Working Party (“WP29”) recently released guidelines on DPOs.

  • DPO is not a new concept. Some countries (e.g. Germany) have already implemented a similar type of function to address Data Privacy. Likewise, large organizations, or those processing sensitive information, also have a Privacy Office as a Governing function. However, most do not have a DPO.
  • In contrast, the importance of the Chief Information Security Officer (“CISO”) has increased over the past few years with the move to digital and the rise of organized cyber threats. The CISO is in charge of information security, which includes private data.

This document aims to provide guidance to organizations looking for a structured approach to addressing a GDPR programme. It also emphasizes the importance of the CISO as a key player for successful implementation. 

Do I need a CISO? Can the CISO be a DPO? I have no CISO and no DPO, where to invest first? Where to start?

Approach has developed a pragmatic framework to help organizations develop a realistic compliance programme. Thanks to its unique capabilities and proven experience in GRC (Governance, Risk and Compliance), Approach provides organizations with expertise that will generate an immediate return on investment and confidence in reaching and maintaining an adequate level of compliance.

Where are you in your GDPR journey? Have a look at our GDPR page.

Our approach to cyber-security

Our customers benefit from the expertise and talent of our people, combined with pragmatic and proven methods and the efficiency brought by our assets:


Expertise and talent

Since 2001 we have applied our experience in cyber-security gained in various industries, from small to large businesses. Our people are seasoned, certified professionals who continuously improve and extend their knowledge.


Pragmatic and proven methods

We rely on the most recognised, easily auditable and adopted standards and good practices and apply them pragmatically. We always tailor our approach to your particular context, needs and organisation culture.


Asset-based approach

We make use of the most advanced and reliable tools and solutions to support our services. This enables us to be more efficient during delivery, enforce the use of standard auditable methods and provide transparency about our achievements and your results.
