Why do I need a CISO?
Despite significant attempts to create an adequate level of awareness, many organizations are still wondering how to tackle GDPR.
The way the regulation is written leaves doors open, although the Article 29 Data Protection Working Party (“WP29”) recently released guidelines on DPOs.
- The DPO (Data Protection Officer) is not a new concept. Some countries (e.g. Germany) have already implemented a similar type of function to address data privacy. Likewise, large organizations, or those processing sensitive information, already have a Privacy Office as a governing function. However, most organizations do not have a DPO.
- In contrast, the importance of the Chief Information Security Officer (“CISO”) has increased over the past few years with the move to digital and the rise of organized cyber threats. The CISO is in charge of information security, which includes the protection of private data.
This document aims to provide guidance to organizations looking for a structured approach to addressing a GDPR programme. It also emphasizes the importance of the CISO as a key player for successful implementation.
Do I need a CISO? Can the CISO be a DPO? I have no CISO and no DPO, so where should I invest first? Where do I start?
Approach has developed a pragmatic framework to help organizations develop a realistic compliance programme. Thanks to its unique capabilities and proven experience in GRC (Governance, Risk and Compliance), Approach provides organizations with expertise that will generate an immediate return on investment and confidence in reaching and maintaining an adequate level of compliance.