Wearing Two Hats: CISO and DPO
SBE Global's Gregory Dumont Describes His Two Roles
What's it like to serve in the dual roles of CISO and DPO? Gregory Dumont, who has both responsibilities at SBE Global, a provider of repair and after-sales service solutions to the electronics and telecommunication sectors, explains how the roles differ.
While a CISO looks at risks from a business, financial and operations point of view, a DPO, or data protection officer - a role required under the European Union's General Data Protection Regulation - looks at the same risks from the point of view of the data subject (the consumer), Dumont, who is based in the U.K., explains in an interview with Information Security Media Group.
In his DPO role, Dumont says, he considers such questions as: "What are the risks in terms of the loss of privacy and loss of freedom from a data subject's point of view?"
As CISO, Dumont faces the challenge of managing multiple vendors under strict GDPR regulations. "We have suppliers; we have customers. Sometimes my customers are also my suppliers. You have to make sure that you have contracts that cover all of these interactions. And you have to also make sure that your suppliers have the same level of security and data protection safeguards as you do," he says.
In this interview, Dumont discusses:
- His daily tasks as a CISO and DPO;
- The challenges of managing dual roles and how they overlap;
- The practices he's put in place to manage third-party risks.
Dumont is the DPO and CISO for SBE Global, which offers repair and after-sales service solutions to the electronics and telecommunication sectors with facilities in seven nations. He has spent over a decade managing IT teams and building software products for network carriers, telecom OEMs and service providers.