ISACA’s GDPR assessment is one part of a broader strategy to get tech professionals of all types ready for new privacy regulations that start next month.
With the May 25 deadline for the European Union’s new data-privacy regulations rapidly approaching, one association has launched a free tool to help organizations determine whether they’re compliant.
The GDPR Assessment, created by IT governance association ISACA, is a 46-item checklist addressing the EU’s General Data Protection Regulation. Starting May 25, all businesses based in the EU will have to adhere to the new rules relating to how individual information is processed, stored, and shared, or face stiff penalties. So will any organization with members or customers who reside in EU countries.
ISACA Director of Product Management Tanya Rose said the assessment is the brainchild of a 15-member volunteer work group that was launched last year to explore ways to educate its members and the IT community at large about GDPR. “As part of that process with the work group, we had a couple of passionate members who really wanted us to focus on creating something that would allow people to understand gaps that they may have as it relates to GDPR and help prioritize where they could focus their efforts,” she said.
Because GDPR’s impact is so broad, Rose said, part of ISACA’s strategy around the regulation is to create tools and education opportunities that target a wide variety of IT roles and skill levels. The assessment, for instance, may be a good fit for CIOs and CEOs who are looking for a broad overview of the issues involved, while a chief privacy officer or a worker in a more technical role may want to use the e-book ISACA released in January, or attend one of the events or webinars the association has created around GDPR. “We’ve considered this for all different levels,” she said.
Since its release last week, Rose said, the webpage for the free assessment has had nearly 10,000 visits. The visit rates are likely to increase in the coming weeks as the May 25 deadline comes closer, but Rose said the assessment and the work group will keep going after the deadline passes.
“There’ll still be activity going on, especially in individual countries with different regulations that they may be looking at,” she said. “We’re expecting to see additional information come out after the 25th comes and goes. Hopefully not too many people will get dinged for not being compliant, but we’ll probably see a lot of different things happening, and guidance on what people can do. We’ll modify our assets or provide new assets in the market that will help based on the new information we see after the deadline passes.”