Governance, Risk and Compliance

GDPR Assessment Provides Customized Guidance

Author: Dimitriadis Christos, chair, ISACA GDPR Working Group

Although we are less than two months from the European Union’s General Data Protection Regulation (GDPR) compliance deadline of 25 May, many organizations are not yet confident in their level of preparedness for this landmark new data privacy regulation.

If that concern applies to you and your enterprise, know that you are in good company. Many of your colleagues across the globe are in a similar position, still working diligently to make the needed headway to be in a solid position once GDPR takes effect.

Another reason not to panic: ISACA is here for you. Our new GDPR Assessment helps users and their enterprises identify gaps in their GDPR readiness and offers guidance on how to resolve those gaps. It provides customized output of areas in which your enterprise needs to focus and provides the opportunity to retake the assessment later after implementing the initial guidance.

The complimentary assessment was powered by the contributions of leading global security and privacy experts and includes gap analysis expertise from CMMI Institute. The tool is part of ISACA’s ongoing commitment to help our global professional community prepare for GDPR; if you have not recently viewed ISACA’s frequently updated array of resources on the topic, I encourage you to visit

After such a long buildup, it is hard to believe that we are now less than two months away from the deadline. GDPR compliance should be seen as a business opportunity, rather than a roadblock. GDPR is not a checklist to be completed, separate from the enterprise’s core functions and capabilities. Instead, complying with GDPR needs to be a basic, foundational element of the organization’s operations, capabilities and decision-making. It requires a level of cross-functional collaboration that will serve the enterprise well long beyond the compliance deadline.

It will be fascinating to watch how data privacy regulations around the world evolve in the coming years. As the world becomes acclimated to conducting business with the EU in the era of GDPR, expect other nations to develop similar policies in an effort to deal with universal challenges in data protection and data privacy.

I fully expect the ISACA professional community to demonstrate leadership in embracing the challenge of helping their enterprises adjust to the new regulatory environment. GDPR represents an excellent opportunity to put our enterprises on stronger footing and better serve our customers.

Christos Dimitriadis is chair of the ISACA GDPR Working Group.