Gartner Blog Network


GDPR Requires IRM For Fast and Effective Response

by John A. Wheeler  |  September 14, 2018  |  Submit a Comment

This week, Gartner hosted its annual Security & Risk Management Summit in London and the buzz at the event centered on the new risks associated with the General Data Protection Regulation (GDPR). The discussion was fueled by the recent cyber attack experienced by British Airways (BA). BA disclosed the data breach just prior to our event and it was headline news in London throughout the week.

To summarize, BA’s data breach involved roughly 380,000 customers who transacted on BA’s websites from late August through the first week of September. Given the requirement by GDPR to disclose data breaches within 72 hours of discovery, BA had little time to understand the potential impacts from the breach. So, their disclosure was vague and left many customers guessing what to do in the wake of the breach. What is most concerning now is the potential for a GDPR fine which can range up to 4% of annual revenues or, in BA’s case, £500 million. It’s no wonder that CEOs consider risk management as one of their top priorities in 2018 (see figure below).

riskCEOpriority2018

No longer will organizations have the luxury to take as much time as they want to disclose and when they do, accuracy of the disclosure is paramount. To respond quickly and effectively, an integrated risk management (IRM) approach and toolset is required. IRM links enterprise risk management (ERM), operational risk management (ORM) and IT risk management (ITRM) so that response can be coordinated quickly among a range of stakeholders and utilizing a robust risk management data set (see figure below).

threelevelsIRM

In my one-on-one interactions with attendees at the London Summit, everyone agreed that IRM is the solution and must be a priority for organizations in this new world of GDPR. To learn more about IRM, check out my latest research (Gartner subscription required) or read my blog posts (for free!) at the Gartner Blog Network.

Category: compliance-management  cyber-risk  cyber-security  digital-risk  enterprise-risk-management  information-security  integrated-risk-management  irm  operational-risk-management  risk-management  strategic-risk  trends-predictions  

Tags: cybersecurity  gdpr  integrated-risk-management  irm  

John A. Wheeler
Director, Research & Advisory - Integrated Risk Management
7 years at Gartner
28 years IT Industry

John A. Wheeler leads analyst coverage of integrated risk management (IRM) technology solutions and professional services. His areas of specialty include risk management, executive leadership and corporate governance. Follow him on Twitter @JohnAWheeler Read Full Bio




Leave a Reply

Your email address will not be published. Required fields are marked *

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.