ICSA releases guidance to improve Board-level awareness of GDPR responsibilities

ICSA: The Governance Institute has released guidance to facilitate conversations between Boards of Directors and those within organisations responsible for dealing with data to help them cope more effectively with the implications of the forthcoming EU General Data Protection Regulation (GDPR). Alongside an overview of the new legal landscape, the guidance highlights the strategic and practical considerations raised by the GDPR.

Peter Swabey FCIS, policy and research director at ICSA, told Risk UK: “When the GDPR comes into effect next May, decision-makers at the highest levels will need clear and reliable updates from those more closely involved in the management of data throughout an organisation. Company secretaries will need to act as conduits for information from multiple functions including legal, HR, IT and other departments, such as customer services and marketing, in order to help Board members raise appropriate questions with management and assist respondents by highlighting important or missed considerations. This guidance will help to facilitate dialogue between all parties needing to engage on this important issue.”

Prepared with the assistance of a Working Group comprised of ICSA members and representatives from Baker & McKenzie LLP, the guidance offers further information about the requirements that could act as a checklist for those closer to the detail of implementation. It also provides examples of how practical considerations could be addressed.

Peter Swabey

Peter Swabey

The guidance breaks the legislation down into three key areas: data basics, dealing with individuals and governance and risk management.

“Organisations of all shapes and sizes need to be ready to meet the requirements of the GDPR, whether operating within or outside of the EU, but offering goods or services to individuals within the EU or operating outside the EU and ‘profiling’ individuals within the EU,” added Liz Bradley, ICSA policy manager (corporate) and author of the guidance. “The new accountability principle will make it even more important to have well-documented procedures in place that genuinely embed data protection into the way in which an organisation functions. This guidance should go some way towards helping organisations to prepare for the GDPR effectively and lessen the risk of incurring the hefty penalties being proposed for non-compliance.”

ICSA: The Governance Institute is the professional body for governance. The organisation has members in all sectors and is required by its Royal Charter to lead ‘effective governance and efficient administration of commerce, industry and public affairs’. With over 125 years’ experience, the organisation works alongside regulators and policy-makers alike to champion high standards of governance and provide qualifications, training and guidance.

*For further information on ICSA: The Governance Institute access the website

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts