GDPR and employee data protection: Cyber security data example
Abstract
This paper explores the implications of the European Union (EU) General Data Protection Regulation (GDPR) for employee personal data, specifically the data elements that Information Security (IS) might collect in its effort to protect and defend the environment against data breach and exfiltration. GDPR compliance became effective in May 2018, and many organisations are still working through the strategic complexities of GDPR's impact on their organisation. Using a phishing assessment data set as an example, the paper walks through the challenges such an organisation is likely to face. GDPR further defines sensitive information, and using this phishing assessment data, the paper illustrates a project data flow that defines what data would exist, its sensitivity level, the data owner, the data source, the data use, data retention and destruction considerations, as well as reporting and storage.
The full article is available to subscribers to the journal.
Authors' Biographies
Deborah Watson is an information technology specialist, focused on Corporate Information Security Strategy, Compliance, Infrastructure Security and Data Protection at KPMG. She has more than 18 years’ experience in the information technology and security fields. While her most recent expertise includes security strategy, security privacy, risk management, messaging security and compliance, she also has extensive experience in infrastructure security design, encryption, key management, endpoint hardening, antivirus architectures, system architecture and design, business continuity, patch and vulnerability management and project management capabilities. She holds a Master’s degree in Information Technology Management from Harvard University and is pursuing her PsyD at CalSouthern University.
Ryan Millerick is an information technology specialist in KPMG’s Advisory Services practice with more than ten years of IT and business experience in the information systems field and a varied background in information security, security management and regulatory compliance. He has performed systems implementations, information technology audits, and business process reviews. His experience includes Enterprise Governance Risk and Compliance implementations, cyber security assessments, technical process reviews and IT audits. His clients include life sciences, telecommunications, entertainment, retail, financial services, service providers and manufacturers. His technical expertise includes a wide range of software platforms and capabilities.