CISO Thom Langford's Top Tips for GDPR Compliance

Start With ISO 27001 and a Solid Information Security Management System
Thom Langford, CISO, Publicis Groupe

Three years ago, communications giant Publicis Groupe launched its EU General Data Protection Regulation compliance project.

Thom Langford, the company's CISO, says the effort was greatly streamlined by the effort the organization had already put into building out its information security management system and complying with ISO 27001 - the Information Security Management Standard.

"We work in so many different industries, from healthcare to automotive to pure media or government, etc., that actually having that single standard that we adhere to, and then [we] just have to do a little bit of extra work or tweaking to meet whatever bizarre or obscure requirement is required for that particular industry helps immensely," Langford says. "We're not starting from the ground up every single time."

With GDPR, there is still other work that has to be done, including privacy impact assessments and audits. But thanks to adhering to ISO 27001, whenever the company deals with a new regulation and the compliance work it may require, "we're already way, way along that journey," Langford says.

"It was more a case of honing and polishing, rather than building from the ground up," he adds.

In a video interview at the 2018 Infosecurity Europe conference in London, Langford discusses:

  • Using ISO 27001 as a baseline for complying with all regulations that have IT, information security or privacy implications;
  • Why complying with regulations - or maintaining ISO 27001 compliance - is an ongoing process;
  • The nuances of GDPR.

As CISO of Publicis Groupe, Langford is responsible for all aspects of information security risk and compliance as well as managing the group information security program. He's also responsible for business continuity capabilities across global operations. An international public speaker and security blogger, Langford contributes to a number of industry blogs and publications. He is also the founder of Host Unknown, a loose collective of three infosec luminaries that makes security education and infotainment films.


About the Author

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as executive editor of DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.