GDPR Compliance: Finding the Gaps
Sunil Chand of Grant Thornton on Meeting the Requirements
Organizations that must comply with Europe's General Data Protection Regulation need to identify gaps in their ability to meet various requirements, including making prompt breach notifications and gaining consumers' consent to store their data, says Sunil Chand, director of cybersecurity at Grant Thornton in Canada.
Using the NIST Cybersecurity Framework or another framework can play an important role in building an effective security strategy that helps to pave the way for GDPR compliance, he stresses.
In a video interview at Information Security Media Group's recent Toronto Fraud and Breach Prevention Summit 2017, he discusses:
- The value of using a cybersecurity framework;
- The need to avoid a checkbox approach to compliance;
- The importance of being able to demonstrate your organization has a sound approach to cybersecurity to help with GDPR compliance.
Chand, director of cybersecurity at Grant Thornton in Canada, has more than 20 years of experience in the industry. Previously, he was director, information security consulting services, at TELUS Security and CISO for a number of other organizations.