General Data Protection Directive Initiatives
The European General Data Protection Regulation (GDPR) promises
to be the most important data security drivers ever, not only across
the region but around the world.
In May, the association held a conference in Luxembourg to explain
the implications of the new regulation, and how members there can
better serve the needs of current and prospective customers.
In June, NAID followed up the conference by releasing a GDPR-compliant “Processor” contract, which will be required between all
data controllers (customers) and processors (data-vendors). This
will allow NAID members in the region, as well as those working
with customers doing business in Europe, to offer their clients
compliance solutions before the May 18 deadline next year.
Australian Protective Security Policy
In September, NAID entered into an arrangement whereby its
certification audits will be used to verify compliance with Australia’s
Protective Security Policy Framework (PSPF). Meaning those who
meet the requirements of the PSPF endorsement, will be authorized
to destroy “Official Information” - a specific classification used
by the national government to designate sensitive information.
More than just an affirmation of the quality of NAID’s audit regime,
the arrangement eliminates the former accreditation used in the
country for this purpose, eliminating a source of confusion for
The fact that NAID Certification added a customized endorsement
specifically for the Australian authorities also opens the door to the
idea of the association adding specific data security endorsements
for other governmental organizations.
NAID Testifies Before Canadian Parliamentary
In October, NAID Director Kristjan Backman testified before
Canada’s Parliamentary hearings on the country’s review of its
long-standing Personal Information Protection and Electronic
Document Act (PIPEDA). Like regulators around the world,
Canadian legislators are particularly focused on how the Europe
GDPR renders the country’s current data protection laws obsolete.
Backman’s appearance marks the fourth time
NAID has been invited to testify before a
Canadian Parliamentary committee on the
development and impact of data protection
It’s worth pointing out too, that there were
some major improvements in the area of NAID
administration and governance over the past year.
First Vendor Director: In March, NAID members ratified a bylaws
amendment that created a Director post on the NAID board that
is held by a vendor representative. Shortly after, Vlad Vasak of K2
Partners was appointed to serve as the first in this role.
Member Profile Portal: At the beginning of 2017, NAID launched
the electronic portal through which members could manage their
profile, permissions and conference registration.
NAID AAA Certification Application: The final component of
the membership management portal launched just last month,
allowing most members to renew their NAID AAA Certification
online. After initially renewing electronically, the online application
will automatically populate the previous year’s information moving
forward. Some certifications, such as multi-location, are yet to be
Shred School 2017: Now over fourteen years in existence, this
year marks Shred School’s fifth year under NAID’s ownership and
management. The program remains the most convenient and
cost-effective way for members to provide subject-specific industry
training on sales, regulations, and operations. Over 750 industry
professionals have attended Shred School in the five years since
NAID has taken it on the road.
Looking to 2018
With the wind at our backs from 2017 and never at a loss for
ambitious goals, the NAID Board of Directors and NAID Committees
have plenty in store to keep NAID and industry initiatives on a solid
course for 2018.
The Information Disposition Textbook (2018)
This article led off talking about the Information Disposition
textbook and so it’s fitting we look at the association’s plans for
it next year. While we already mentioned the use of the book at a
major university, there are many other programs designed to get
the publication greater exposure.
Barnstorming: In 2018, NAID CEO Bob Johnson will be on the
road much of the year, explaining to records managers, security
professionals, risk managers and facilities managers how the book
can help their organizations write compliant contracts and RFPs,
develop internal policies, select vendors and prevent expensive
legal discovery. The calendar for such appearances will
be announced to members and encourage their
attendance. Members with potential speaking
opportunities should contact kmartinez@
naidonline.org, as we are currently
planning Johnson’s travel itinerary.
continued on page 14
Past is Prologue