Assume you are an IT security specialist for a large U.S. online retail organization that does business internationally. Your CIO has asked you to thoroughly review the new General Data Protection Regulation (GDPR) recently implemented in the European Union. He wants to understand exactly what the organization must do to comply with this regulation when doing business with EU customers.
Provide a detailed discussion about the rules for businesses and the rights of the EU citizens.
Include a discussion of the following:
What does the GDPR govern?
What rights do the EU citizens have with regard to their data?
What is considered personal data under this regulation?
What is considered data processing under this regulation?
Describe the role of the data protection authorities (DPAs).
Discuss, in detail, how the GDPR will change business and security operations for your organization. Provide the CIO with a recommended checklist for GDPR compliance and discuss processes and policies that may need to be changed in order to comply with GDPR.
