Data Protection Officer Role Will Be Key If You Operate in the E.U.
CIO - Organizations that operate in the European Union (E.U.) may soon be searching for candidates for a new role mandated by law: the Data Protection Officer (DPO). As currently described by the proposed legislation, the DPO role would require a seasoned professional with credentials in the security trenches, reporting directly to the board of directors. With the potential for a land grab of qualified candidates, organizations may want to begin defining their needs now.
"The CEOs, or whoever's running this business, are going to be responsible for hiring people that can communicate," says Patrick Clawson, a veteran of the security industry and chairman and CEO of Lumension Security, a specialist in endpoint management and security. "There are a ton of very smart people who get IT security, but they don't have the ability to make it viral among the employee base. They have to be passionate about credentials and be good communicators that can work with the people in the business and the executive team. This isn't a role for someone right out of college."
Many of the qualified candidates will come out of large consultancies like Capgemini and IBM, Clawson says, noting that organizations will want to make sure they have a seasoned professional because the proposed legislation would have serious teeth. The European Commission (E.C.), which published a first draft of the new data protection legislative package in January, has proposed hefty fines for non-compliance. A provision would allow national supervisory authorities to send a warning letter for first offenses, but serious violations (like processing sensitive data without an individual's consent) would allow those supervisory authorities to impose penalties of up to €1 million or up to 2 percent of a company's global annual turnover.
"To be fair, if you're going to put something in place, if there aren't teeth it won't happen," Clawson says. "The most successful U.S. legislation like HIPAA and PCI have big hairy teeth."
The E.C.'s proposed legislative package is intended to both harmonize the data protection laws across the E.U. member states and update them to address the new technological reality (like cloud computing). Currently, data protection in the E.U. falls under the Data Protection Directive, adopted by the E.C. in 1995. As a directive, it provided a list of issues the E.U. member states should address with their own legislation. That left each of the 27 E.U. member states to implement their own varying versions of data protection laws. The new legislation would replace those laws with a single set of rules that would govern data protection across the E.U.