Preview: Cybersecurity and law in light of the GDPR era

As part of Cybersecurity Week Luxembourg, on Tuesday, October 19, from 5:00 p.m. to 6:00 p.m. CEST, Renaud Le Squeren of DSM Avocats à la Cour and I will be presenting a live English-language session on the topic of “Differing perspectives on sensitive data: cybersecurity and law in light of the GDPR era”.

Though Renaud will be fielding all of the legal questions around Luxembourg-specific requirements, data transfer outside of the EU, and EuroPrivacy, I plan on speaking from Damovo, Lares’ experience providing virtual/fractional Chief Information Security Officer (CISO) and Data Protection Officer (DPO) services for multinational corporations across financial services, manufacturing, and software industries.

Perhaps one of the most common questions that materialize in the organizations we work with is “how can we balance security and compliance requirements with the ever-evolving international privacy landscape?” I wish there was a simple one-line answer but, unfortunately, the level of effort varies from company to company based on the maturity of their existing security, compliance, and privacy programs and the willingness of the organization to understand and act on the required changes.

This is where the role of the DPO comes into play. Where the CISO is primarily tasked with defining, measuring, and enforcing the security and compliance aspects of the business, the DPO must be empowered to do the same through the lens of privacy. Similarly, the CISO is first and foremost the advocate for the security and compliance of the business whereas the DPO must strike a balance between advocating for the rights of the customer and the business.

To learn how to strike an effective balance between the two roles within your business, please join us at Cybersecurity Week Luxembourg on Tuesday, October 19, from 5:00 p.m. to 6:00 p.m. CEST by registering today.

Andrew Hay

CISO, COO @ Lares