What typical companies usually failed to implement even a year after GDPR went into force
The paper evaluates the general approach of companies in Czechia towards implementation of the General Data Protection Regulation, known as "GDPR": the areas typically implemented and the areas which have usually been overlooked. The paper will also point out obligations requiring continuous attention.
The presented findings are based on a selection of fifteen projects that the author personally implemented in 2017 and 2018. We have identified some important areas that were predominantly not addressed: a proper solution for the right to restriction of processing and appropriate documentation for CCTV camera systems. Areas typically found to be partially (but insufficiently) addressed include the detection, evaluation, resolution and reporting of security breaches. At the same time, it is necessary to bear in mind that the obligations arising from the General Regulation do not end with a one-off implementation of measures; selected activities must be carried out permanently, in particular the evaluation of new processing activities in the event of a change, the updating of the records of processing activities, and the effectiveness of the measures introduced.
Ing. Jiří Slabý, Ph.D.
Jiří is the founder and director of the consulting division of ISECO, specializing in information and cyber security. He has 18 years of experience in IT and 10 years in IT and cyber security. Jiří has gradually held a number of positions across the entire IT project cycle, from pre-sales technical support in the form of solution design and architecture, through contract negotiation and project setup, solution architecture and implementation management, to final testing. Today he is the head of the division with complete responsibility for its operations, business, marketing, casting and project delivery.
His technical expertise covers a wide range of areas and technologies. In the field of security, the most important are the ISO 27000 family, ISMS, and the personal data protection (GDPR) and electronic identity (eIDAS) regulations. Jiří has long been a big fan of technology and has therefore been involved in many projects with Hadoop, PHP, Python, HTML/CSS, Linux/Unix, IBM tools (Rational, Tivoli, Infosphere, Lotus, Websphere) and security technologies (SIEM, log management, FW, DLP, IPS, encryption, PKI). His experience continues through IT methodologies and frameworks (TOGAF 9, Archimate 2, UML, RUP) and covers a number of business-perspective domains (BigData, eCommerce, application integration, data analysis, security architecture and protection, crisis management).