With roughly six months to go before the GDPR enforcement deadline, Petter Nordwall and Anthony Merry of Sophos says it's time for organizations to assess whether "They need to panic a little, or they need to panic a lot."
Nordwall, the director of product marketing, and Merry, director of product management, weigh in on what organizations need to do to ensure they are in compliance when the European Union starts enforcing its General Data Protection Regulation, starting May 25, 2018.
"Readiness varies by geography, organization size and whatever vertical the organization works in," says Nordwall. "Overall, it's about the fines. It's about a very big stick to the carrot that has gotten people to start thinking about what data they hold and collect."
It's about risk, says, Merry, and organizations need to consider the downside of failing to comply with GDPR - whether that downside manifests as a breach or as an enforcement action. "You don't want to be patient zero - you don't want to be the first one to have a breach and have the European Union come after you with the first fine."
In an interview about GDPR readiness, Nordwall and Merry discuss:
- The global state of GDPR readiness;
- The areas where organizations struggle most to comply;
- The must-have policies and controls for data collection, security and deletion.
Nordwall looks after product marketing for the mobile and encryption products at Sophos, and focuses on crafting its mobility and encryption story to make it as clear and as compelling as possible. Before joining Sophos almost four years ago, he racked up more than 25 years of software industry experience with companies ranging in size from global vendors to start-ups.
Merry joined Sophos in February 2014 as Director of Product Management for Sophos' Data Protection and Mobile products. He is an 18-year Product Management veteran, with the last 12 years specializing in Data Protection. Immediately before joining Sophos, he worked for McAfee/Intel. In this role, he was the Group Product Manager responsible for the Data Protection products, guiding the products through a constantly changing industry.