GDPR is a continuing risk management process

The European General Data Protection Regulation (GDPR) goes into effect today. For FERMA members, it is a continuing risk management process. There has been an enormous jump in awareness of the potential misuse of personal data this year, and it has thrown the spotlight on companies, and the way they manage the data they hold.

For the risk manager, the first priority is to ensure continuing compliance with GDPR as part of the organisation’s management of digital risks. This is a continuing exercise in the fast-changing digital world. A second priority is to understand the associated reputation risks. In addition to some potentially very large fines, a company could be forced to alter its business model as the result of a breach of GDPR.

FERMA has called for organisations to create dedicated internal cyber governance groups, led by the risk manager, to address digital risks across the whole enterprise. The group would support the organisation in meeting its obligations under the GDPR and Network Information Security Directive, now transposed into member state laws, and in managing other cyber risks.

During discussions on GDPR, FERMA urged an enterprise risk management (ERM) approach to digital risks and proposed that risk managers could serve in the new role as Data Protection Officer (DPO) under the GDPR. FERMA has consistently argued that cyber security cannot be the sole responsibility of the IT department.

The President of FERMA Jo Willaert says, “We do not yet know how member states will begin enforcement of GDPR, but the consequences of non-compliance are potentially very serious. GDPR goes to the heart of the way that many large companies operate today, and could affect opportunities they would like to gain from data. Data is one of the largest assets a company holds, so these are truly enterprise issues that affect strategic aspects of the board’s mandate, including valuation, reputation and trust. The management of digital risks is a corporate issue that should be reflected in the governance of the company.”

FERMA board member with responsibility for cyber, Philippe Cotelle, commented: “GDPR has been a catalyst for increased awareness of data issues. Therefore, not only has the management of personal data improved but the way that we deal with data overall.”

For a look at FERMA’s activities on GDPR over the last four years, see also:
