|
AMRAE published its GDPR technical guide in partnership with CGI business consulting. The paper provides risk managers with a guide to implementing the GDPR in France. It covers the basics of the GDPR, but also the role of the risk manager in its implementation.
The guide follows a series of workshops for risk managers run by AMRAE since September on the GDPR. The workshops have covered GDPR-related topics such as the role and skills needed by risk managers to meet its demands, how to carry out gap analysis, training and auditing contractors. The workshops have also covered governance, including the role of the data protection officer, a new role required under the GDPR.
The GDPR is a significant challenge for French companies, especially smaller organisations that may not have the resources to comply, according to Philippe Cotelle, vice-president of AMRAE’s cyber commission and head of Airbus Defence and Space insurance risk management. “The GDPR requires significant investment and not all companies will be able to afford it,” he said.
Surveys suggest that many companies will not be ready for the GDPR by its May 2018 implementation deadline. A survey conducted by Marsh in 2017 found that only 8% of European firms believed they were fully compliant. Mr Cotelle thinks that compliance levels of just 10% to 20% are feasible, although it will be higher among larger companies. Most large French companies have started their GDPR compliance and have set up GDPR working groups, he said.
Risk managers are typically involved in GDPR working groups, helping to identify contractual liabilities. “This is a new element of risk for risk managers to comply with,” said Mr Cotelle.
French companies are already boosting cybersecurity in anticipation of incoming EU legislation, namely the GDPR and NIS Directive, which is also implemented in May 2018.
The NIS Directive will build on cybersecurity under the French Military Programming Law and will expand the number of companies that must report to the French national cybersecurity agency ANSSI, he said.
Full article on Commercial Risk (subscription required)