The principles of cyber security apply extensively to data protection, although in the UK and Europe the legal obligations and protections are much stronger for the data protection officer than for the head of cyber security. This is the opposite in New York, where it is a legal requirement for a New York financial services company to have a suitably empowered CISO (Chief Information Security Officer) that almost perfectly reflects GDPR’s obligation to have a DPO (Data Protection Officer) in certain cases.
