The coronavirus is now a pandemic and is very much at the forefront of all decisions that businesses are taking. This article examines how this latest pandemic is affecting the role of a CISO and provides recommendations on how they can achieve a sound level of security amidst the panic.
Article 32 of the General Data Protection Regulation (GDPR) requires that companies implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk posed to the rights and freedoms of individuals. In doing so, they should take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the data processing, as well as the risk of varying likelihood and severity for the rights and freedoms of the individual.
This requirement informs, to a great extent, what a CISO’s responsibility should be when it comes to processing personal data. One of the key roles of a CISO is to consistently review and monitor the security measures that are in place to protect systems and information. In the event that such systems and/or information are compromised, the CISO will play a vital role to ensure such…
