The future for CISOs following the introduction of the GDPR and NIS Directive

The responsibilities of the CISO (chief information security officer) have remained consistent over the years, but big changes in the cyber security landscape in 2018 could spark an evolution of the role. 

Largely led by the introduction of the EU GDPR (General Data Protection Regulation) and the NIS Directive (Directive on security of network and information systems), organisations are shifting the way they manage cyber threats, and CISOs will have to adapt too. 


“A crucial role”

In the past, CISOs took primary responsibility for data protection, but under the GDPR, many organisations will be required to appoint a DPO (data protection officer) to take over many of these tasks. According to Pierre-Luc Réfalo, head of cyber security consulting at Capgemini, this will allow CISOs to focus on business and security concerning new digital technologies. 

Réfalo said that CISOs will also play “a crucial role in new digital product development”. He added: 

At present, many firms go to market without considering embedding security in the product or service. Now, instead of cybersecurity being an afterthought, CISOs will be involved from the start to ensure all new offerings are GDPR compliant and secure by design from a business, legal and technical standpoint. 

In turn, this will result in a bottom-line boost for their business. Our research indicated that of those consumers who are convinced an organization protects their personal data, 39% have purchased more products and increased spend with that firm as a result. 


GDPR training

Whether you’re a CISO or not, the introduction of the GDPR will cause, or has already caused, significant changes to the way you work, so it’s essential that you understand what’s required of you. Our Certified EU GDPR Foundation Training Course is there to show you everything you need to know about the Regulation. It’s delivered by an experienced data protection practitioner, who will explain:  

  • The GDPR’s background and terminology;  
  • The six data protection principles;  
  • The role of data controllers and processors;  
  • Data subjects’ rights;  
  • How to secure personal data; and  
  • How to report data breaches.  

This one-day course is running in venues across Europe. It’s suitable for directors or managers who want to understand how the GDPR affects their organisation, employees who are responsible for GDPR compliance, and those with a basic knowledge of data protection who want to develop their career.  

The course is available in English, French, German, Italian and Spanish. 
