GDPR and employee data protection: Cyber security data example
Deborah Watson and Ryan Millerick
Cyber Security: A Peer-Reviewed Journal, 2018, vol. 2, issue 1, 23-30
Abstract:
This paper explores the implications of the European Union (EU) General Data Protection Regulation (GDPR) on employee personal data, specific to data elements that might be collected by Information Security (IS) in the effort to protect and defend the environment from data breach and exfiltration. GDPR compliance became effective in May 2018, and many organisations are still working through the strategic complexities of GDPR’s impact on their organisation. Using an example of a phishing assessment data set, the paper traverses the potential challenges that an organisation is likely to face. GDPR further defines sensitive information, and using this phishing assessment data, the paper illustrates a project data flow that defines what data would exist, its sensitivity level, the data owner, the data source, the data use, data retention and destruction considerations, as well as reporting and storage.
Keywords: privacy; security; cyber security; e-mail; GDPR; cyber; electronic mail
JEL-codes: M15
Date: 2018
Downloads: (external link)
https://hstalks.com/article/1562/download/ (application/pdf)
https://hstalks.com/article/1562/ (text/html)
Requires a paid subscription for full access.
Persistent link: https://EconPapers.repec.org/RePEc:aza:csj000:y:2018:v:2:i:1:p:23-30
More articles in Cyber Security: A Peer-Reviewed Journal from Henry Stewart Publications
Bibliographic data for series maintained by Henry Stewart Talks.