GDPR and security culture: measuring effectiveness

EFFECTIVENESS GDPR ARTICLE 32

Upload: kai-roer

Post on 12-Apr-2017

BACKGROUND

KAI ROER, CEO AND CO-FOUNDER OF CLTRE

▸ Ron Knode Service Award, National Cybersecurity Institute (DC) Fellow

▸ 20+ industry exp., 40+ countries, 4 books, awards +++

▸ Creator of The Security Culture Framework and the global Security Culture Community

▸ Focus area: Soft-skills with Psychology, Sociology and Social Behaviour

▸ https://roer.com - @kairoer

A CHALLENGE? MEASURING CULTURE

VANITY METRICS

▸ Looks nice - says little (new)

▸ Checkbox compliance

▸ No information about culture

▸ Not useful for meaningful discussion

▸ Not helpful for improvements

▸ Says nothing about effectiveness (as required by Article 32)

THE CLTRE TOOLKIT

THE CHALLENGE OF MEASURING CULTURE

LEARNING ABOUT CULTURE STARTS WITH PEOPLE

▸ Psychological measures

▸ Self-assessments

▸ Experiments

▸ Sociological measures

▸ Analysing communication

▸ Social Anthropological measures

▸ Observation and comparison

MEASURING WHAT MATTERS

▸ Full compliance focus

▸ Use for strategic and tactical advancements

▸ Measures the effectiveness of your programme

▸ Measure real security behaviours and change (avoiding vanity metrics)

▸ As required by GDPR Article 32

BETTER INSIGHTS REDUCE RISK

▸ EU to issue fines on negligence

▸ Insurance to expect documentation

▸ Litigation to require documentation of the effectiveness of measures

▸ Reduce risk by measuring what matters - today!
