Understanding GDPR requirements: Part 2

Conclusion: The General Data Protection Regulation (GDPR) legislation being introduced by the European Union (EU) in May has ramifications to organisations worldwide.
Australian organisations that have already invested in ensuring that they comply with the Australian Privacy Act 1988, and have a robust privacy management framework in place, may find that they already comply with aspects of the EU’s GDPR. However, GDPR does have more stringent requirements including requirements that are not within the Australian requirements, so effort and investment will be required by organisations that need to comply with GDPR.
When considering an organisation’s position and defensibility in terms of whether they complied or not, organisations will need to develop an understanding of the specific requirements, and how exactly they have implemented “technical and organisational measures to show that they have considered and integrated data protection into their processing activities”1.

About The Advisor
zzPeter Hall
Peter Hall was an IBRS advisor between 2016 and 2020 who covered enterprise infrastructure, management, managing vendor and customer relationships, vendor capabilities and vendor offerings. Peter is also experienced in Start-Up’s and Mergers and Acquisitions. Peter has over 37 years of experience working in the IT sector in ANZ and Asia Pacific, gaining invaluable insights into vendor offerings and strategies, relationship management, and channel strategies. Peter’s an experienced executive having worked for Hewlett-Packard, Blade Network Technologies (acquired by IBM in 2010), IBM and Lenovo. Peter is also an accredited Tony Buzan Licensed Instructor in Mind Mapping.