Legislative compliance guide: GDPR and everything in between

IoT and AI, among other trends, are transforming offices and businesses across Europe, and the legislative world is reacting by putting compliance at the top of the corporate agenda.


The GDPR security requirements

The GDPR has been a primary focus for media and boardrooms everywhere, with daily reminders sent about the regulation’s finer points and the penalties for non-compliance. Despite the importance of the GDPR, it is vital that we don’t forget the numerous other legislative changes that seek to protect consumers and their data in the digital age.

Businesses will need to look introspectively to ensure that the GDPR principles are built into their processes and workflows – not just when it comes to the data they store, but also to the employees who act as the gatekeepers and managers of this information. CIOs cannot rely solely on their IT teams to guarantee compliance; they must ensure that employees across the business are made aware of the regulation and the many processes and policies that accompany it.


The CIO, risk and compliance

As organisations prepare for legislative change, the role of the CIO will grow dramatically, with understanding the legislation a huge priority. Take ISO 27001, a set of best-practice standards for information security that encompass people, processes and technology. Much like the GDPR, ISO 27001 requires organisations to conduct risk assessments, business continuity planning, testing and reviews. IT alone cannot guarantee these standards; meeting them demands the support of the entire business. In any office, responsibility falls on everyone, whether they’re charged with handling huge volumes of data every day or simply print out key information from time to time.

By contrast, there are legislative changes on the horizon where IT will be the sole player. The PCI Data Security Standard (PCI DSS) covers the technical and operational system components included in or connected to cardholder data. With serious fines at stake, the IT department must rigorously follow a three-step process: assessing cardholder data, IT assets and business processes for card payments; fixing vulnerabilities in data storage; and collating reports for the relevant banks and card brands. Alongside this, it will need to safeguard and test critical data security controls, while ensuring that payment terminals, systems and solutions are protected.

These regulatory changes mean that interoperability is more important than ever before. PSD2 encourages a competitive landscape, so in order to maintain a competitive edge, CIOs will need to ensure that their IT infrastructure has the inherent flexibility to accommodate third-party apps and to take advantage of internal and external innovation.

With the rate of data creation increasing exponentially, understanding legislation and applying the necessary protocols within your business is crucial. CIOs will need to play a leading role in disseminating and translating complex data and security legislation for their business, while fostering a culture of security. Staying on top of the latest legislative changes will be imperative to achieving this.

Data protection legislation guide

More than 50% of companies will not be in full compliance with the GDPR’s requirements by the end of 2018. Discover the data protection changes impacting your office.
