RESOURCE GUIDE - CGOC · This is the function of the next generation of information governance -...

RESOURCE GUIDE


Table of Contents

1 Introduction, Heidi Maher, Executive Director, CGOC

2 “If GDPR Doesn’t Start With Information Governance, You’ll Probably Fail” from Forbes Technology Council

4 CGOC’s GDPR Study - Why Are So Many Organizations Not Ready?

5 Implications: Organizational and Responsibility Gaps

8 “Stop Dragging Your Feet: GDPR Compliance Can Make You More Competitive” from Corporate Compliance Insights

10 “Five Essential Steps to GDPR Survival” from Infosecurity Magazine

11 Webinar, “Cross-Border Information Governance: Setting Yourself Up for Compliance” from Bloomberg BNA

12 Appendix: Profile of Respondents

Page 3: RESOURCE GUIDE - CGOC · This is the function of the next generation of information governance - known as unified governance. The overarching principles of a UG program include: •

Dear Colleague,

The EU’s General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018, impacts any company with customers or employees in the EU. Despite its global applicability, the recent CGOC Top Corporate Data Protection Challenges survey found only 6 percent of organizations felt ready for GDPR compliance. No wonder the UK government recently issued a warning about the lack of GDPR-readiness.

This surprising circumstance indicates that too many organizations simply don’t prioritize compliance, which is unfortunate because the same processes that support compliance also improve business efficiency and competitiveness as well as litigation readiness.

Today’s enterprises must work with ever-greater amounts of data in a greater variety of formats from an increasing range of sources. To use this data for business analytics that can explain the past, predict the future and satisfy today’s complex data protection and privacy regulations, these organizations must first create a Unified Governance framework. Such a framework will enable them to better understand the value and location of data, improve its quality, comply with regulations - including the GDPR - and mitigate risks.

The CGOC can help organizations with their Unified Governance journey. Since 2004, we have developed resources and hosted events to help our members mature their governance programs and overcome other complex information challenges. Our seminal Information Governance Process Maturity Model, reference guides, webinars and meetings are vital resources regularly consulted by some of the world’s top organizations.

For more information on the CGOC and becoming GDPR ready, visit the CGOC website and consider becoming a member.

Warm regards,

Heidi Maher
Executive Director
CGOC The Council
www.cgoc.com

If GDPR Compliance Doesn’t Start With Information Governance, You’ll Probably Fail

Written By: Heidi Maher, CGOC Executive Director

Most discussions regarding the EU’s impending General Data Protection Regulation (GDPR) - scheduled for implementation in May 2018 - focus squarely on consent management (i.e., making sure organizations have permission to use the data they are collecting and processing). This focus certainly makes sense. Consent management is critical to organizations’ abilities to continue doing business as usual in the face of the new regulation. However, as data collection and processing continue to soar - and there are no signs the consent requirement will slow data growth - organizations are increasingly challenged to secure the data they process, as required by Article 32 of the regulation.

Most organizations interpret Article 32 as a requirement to encrypt personal data, but the challenge is actually much broader, requiring a strong information governance (IG) foundation that enables organizations to identify where personal data exists and the risks associated with it.

GDPR Processing Security Requirements

While pseudonymization and encryption of personal data are priorities under Article 32, the article actually requires “measures to ensure a level of security appropriate to the risk.” This means organizations must be able to assess the risk associated with different types of data in different data stores. Further, even if a company chooses to encrypt all data, Article 32 requires the company to ensure the availability and resilience of processing systems and to be able to quickly restore availability and access to personal data should these be lost.

Beyond these risk assessments and measures, secure processing includes preventing accidental or unlawful destruction or loss, which can occur whether or not the data is encrypted, as well as preventing unauthorized alteration, access or disclosure, which can certainly occur to encrypted data if the wrong people or organizations (such as a supply chain partner) have access to the encryption key.

So satisfying Article 32’s requirements to secure processing (not to mention Article 5’s retention limitations on personal data and Article 17’s right to have personal data erased) requires a comprehensive understanding of what information assets exist, their value and location and who has access to them.

This is the function of the next generation of information governance - known as unified governance. The overarching principles of a UG program include:

• Policy management across the entire enterprise: There can be no information stores sitting beyond the domain of the master data map.


• Participation by all information stakeholders in the program: Representatives from legal, records, compliance, security, HR, lines of business and IT consistently meet and work together to ensure the needs of each are considered. There must also be strong executive management support to ensure universal participation and long-term funding.

• Elimination of information silos: All the information stores across the enterprise should be accessible and managed through a single automated and auditable process.

• Identification of data value: High-value data actively used by the enterprise is differentiated from redundant, outdated or trivial data. Business users and compliance officers should have ready access to high-value data and spend no time sifting through debris to find it.

UG And GDPR

Many of the specific processes of a UG program support GDPR compliance. For example, a UG program includes a set of processes to help information stakeholders identify the information assets relevant to them, along with their value and location. As this information becomes codified into the program, it becomes possible to automatically track the information’s lifecycle - a key requirement for securing processing.

Tracking and controlling user access to information are other important processes within a UG program. Fundamental to GDPR compliance, these processes are also critical to reducing risk in a number of other areas such as IP theft, data breaches by disgruntled and former employees and low productivity and competitiveness arising from uncontrolled access to information. Additionally, this insight allows legal and compliance teams to work together to ensure data is properly secured during legal and regulatory discovery events.

One of the most important ways a UG program supports GDPR compliance is through a defensible disposal program that automates the elimination of all information with no legal, compliance or business value. The more information we collect, the more data debris we end up with. This debris has no current value but increases storage costs, makes finding valuable information harder and often leads to unwanted and unnecessary disclosure in response to an e-discovery request. A defensible disposal program can eliminate debris while also supporting the erasure requirements of the GDPR. Just as important, by reducing the total amount of data an enterprise maintains - estimates put the amount of digital debris at 65% of enterprise data - defensible disposal can dramatically reduce the overall burden on the GDPR compliance team.

The CGOC has developed the “Information Governance Process Maturity Model” to help organizations understand the strategies, processes and technologies required for an efficient governance program. Other important resources include the Electronic Discovery Reference Model (EDRM) and the Information Governance Reference Model (IGRM).

As the May 2018 implementation of the GDPR looms, it is essential that organizations look at the maturity of their information governance program as a foundation of GDPR readiness.

This article was first published on Forbes Technology Council, www.forbes.com


CGOC GDPR Study: Why are so many organizations not ready?

In late 2017, the CGOC launched a survey of 132 corporate governance practitioners from around the world and across multiple industries to determine the level of GDPR readiness in their organizations.

For more than two years industry leaders, vendors and governments have warned organizations that GDPR could impact them and that compliance was not a simple proposition. Despite this, we had anecdotal evidence that many companies were not launching GDPR-readiness programs.

The Top Corporate Data Protection Challenges survey was an opportunity to gather some hard data. Even given our suspicions, the survey results surprised us. The gap between what organizations know they need to do and what they are actually doing is staggering.

In the following pages, we examine who the survey participants are and what their responses tell us about the state of data security and privacy regulation compliance.

The headline? Most businesses are not ready.


Implications: Organizational and Responsibility Gaps

According to the Top Corporate Data Protection Challenges survey, only 6 percent of respondents felt their organizations were ready to comply with the GDPR - and these organizations face many other data protection and management challenges as well.

While this rather shocking lack of preparation can be explained in part by another survey response - that many executives allow day-to-day operations to take precedence over compliance - the challenges to data protection are both broader and deeper.

[Chart: “What is the status of your effort to comply with the upcoming EU General Data Protection Regulation (GDPR) in your organization?” Response options: Already compliant (5.9%); Have made some progress, but there is more to do; Have not started; Unsure how it affects my org.; Don’t know where to find support (8.9%).]

[Chart: “How would you describe the data protection risk/compliance appetite of your executives?” Response options: Operational & cost considerations sometimes override compliance; Security & compliance override everything else; Balanced.]

[Chart: “Where is your organization in the process of defensible disposal of Redundant, Obsolete and Trivial (ROT) data?” Response options: Have not started; Have done an assessment; Making changes in anticipation; Don’t believe it applies; Not sure (22.1%); Defensible disposal has been a priority & ROT has been significantly reduced (4.4%).]


The two biggest roadblocks to GDPR compliance were believed to be poor data disposal practices and being unable to demonstrate compliance (i.e., survive an audit). Best practices around data disposal practices have been an area of concern for organizations for over a decade. This response indicates that despite the awareness and concern, confidence in enterprise data disposal practices remains low.

Similarly, while 85 percent say fine-tuning a defensible disposal program would benefit their data protection initiatives, 40 percent have not even started one.

The survey sheds light on another area where there is a significant gap between knowledge and action: data lineage. Although most respondents understand the value of data to their organizations, 41 percent have no system in place to determine the origin and quality of that data, and only 3 percent have fully automated processes related to data quality and lineage with audit trails to ensure accuracy.

[Chart: “Do you believe fine-tuning your organization’s defensible disposal program will assist in current and future data protection initiatives?” Yes: 85.3%; No: 14.7%.]

[Chart: “Where is your organization with regard to understanding data quality and lineage?” Agree data can be valuable but no system exists to gauge origin and quality of data: 41.2%; Individual business units are charged with ensuring quality of data: 27.9%; Management is involved in data quality assessment & strategy: 27.9%; Data quality management processes are fully automated: 3%.]

Which GDPR requirement will create the most issues for your organization?

• 33.8% Demonstrating compliance

• 29.4% Poor data disposal

• 27.6% Restriction on transfer of personal data

• 25% Right to be forgotten

• 20.6% The pseudonymization & encryption of personal data

• 19.1% Explicit consent

• 17.6% Breach notification within 72 hours

• 14.7% Appointment of Data Privacy Officer

• 10.3% Network connections with service providers or clients


Inconsistent management is also a challenge. According to the survey, responsibility for GDPR compliance is spread among several different organizational roles. Particularly troubling is that nearly 37 percent of respondents chose “Other.” Who are these individuals and what is their background? This inconsistency leads to different frames of reference regarding the importance of the compliance mission, the risks associated with data privacy and compliance failures, the prioritizing of readiness tasks and projects, and the ability to achieve results.

[Bar chart: “Who is the executive sponsor responsible for GDPR compliance in your organization?” Categories: Third-Party Provider; CDO; CSO; General Counsel; DPO; Other. Vertical axis: percent of respondents, 0 to 40.]

The Uber breach is a good example of what can happen when the privacy responsibility is poorly distributed and not in the hands of a fully independent Chief Privacy Officer. Inconsistency can also explain the wide variety of responses to questions about which GDPR requirements will create the most issues for the organizations and where organizations are most vulnerable to data theft, loss or exposure.

A final revealing area of the survey is training. Despite the increasing awareness of the threats to data and the potential for financial and reputational damage to organizations, only 57 percent of responding organizations train staff on data protection compliance, and only 25 percent conduct regular training with audits. One-time training without reminders and audits will do little to reduce the risks of significant fines under GDPR.

It’s clear that despite all the threats, data protection and regulatory compliance have limited resonance at the highest levels of many organizations.

[Chart: “Does your organization train and audit staff on data protection compliance using the data protection rules that apply in your organization?” Response options: Upon hire; Regular training, no audit; Regular training & audit (25%); No (19.1%); Not sure (7.4%).]

Stop Dragging Your Feet: GDPR Compliance Can Make You More Competitive

A GDPR-Readiness program with a Unified Governance foundation can increase productivity while reducing costs and risk.

By Heidi Maher, Executive Director, CGOC

December 2017

According to a recent global CGOC survey of compliance officers, only 6 percent of respondents felt their organizations were ready to comply with the regulation. The survey also reveals that these organizations face many other data protection and management challenges. This article discusses the findings of the survey.

One possible explanation for the lack of progress – as suggested in the survey data – is that many executives are too focused on day-to-day operations to worry about preventing a potential compliance problem down the road. But whether the lack of progress is caused by a mandate to increase earnings, a focus on improving the customer experience, or some other time-sensitive initiative, executives must understand that GDPR compliance isn’t just about risk reduction and cost avoidance. The very same capabilities, strategies and technologies that enable GDPR compliance will help companies meet all their other business goals, including becoming a more efficient, more competitive organization. And it all starts with a Unified Governance program that provides a single, centralized view of all information across the enterprise and that automates critical information management processes.

MOST ORGANIZATIONS ARE MISSING THE BOAT

The GDPR harmonizes the various data protection laws in the EU that arose following the adoption of the European Data Protection Directive in 1995, which created only minimum standards around protecting the personal information of citizens and residents. Unlike the Directive, the new regulation also applies to all companies processing personal data of anyone residing in the EU, regardless of the company’s location.

This means companies around the world must comply if they want to do business in the EU. Additionally, the consistency of the GDPR across the EU will likely lead to more consistent enforcement and penalties.

To successfully comply with the GDPR, organizations must know the type, value and location of the information they store, and they must be able to delete, change or provide information as required by the regulation. Yet Top Data Protection Challenges, a survey conducted by the CGOC, indicates that most organizations are not ready. The survey of 132 compliance officers from organizations around the world and across multiple industries revealed the following:

• Only 6 percent of respondents feel their organizations are compliant with GDPR requirements. Most organizations are also concerned about an inability to demonstrate compliance and revealing their poor data disposal practices.

• More than a third of executives, 34 percent, will sometimes let operational and cost concerns override compliance with data protection regulations.

• Only 57 percent of organizations train staff on data protection compliance, with only 25 percent doing regular training and

• Despite all the data breach headlines, 50 percent of respondents identify internal staff and practices as the biggest security threat vs. just 38 percent who choose external hackers. Notably, poorly classified content is the third highest concern.

• One of the biggest surprises is that although 85 percent of respondents say fine-tuning a defensible disposal program will benefit data protection initiatives, 40 percent have not even started one.

GDPR, UNIFIED GOVERNANCE, & INCREASED COMPETITIVENESS

Why are organizations so ill-prepared when it comes to GDPR-readiness and other data protection and management challenges? Most likely because the frame of reference for these challenges is around the “potential” for breaches and fines. And it’s difficult to deal with potentials when the realities of increasing revenue and improving customer service are so pressing.

But by solving the GDPR-readiness challenge, by arriving at a full understanding of the value and location of information and improving the ability to manage data deletion, organizations can provide new opportunities for every other information stakeholder:

• Executives can make better decisions based on the analysis of only the most relevant, high-quality information.

• Sales, marketing and customer service teams can increase their effectiveness and strategies by accessing consistent, up-to-date customer information.

• Product design and production teams can increase efficiency and accuracy by accessing reliable, up-to-date supplier and logistics data.

• Security teams can more quickly and easily identify the high-value and sensitive information they actually need to protect.

• Legal teams can more efficiently respond to retention requests while eliminating the risk of turning over more information than necessary during e-discovery.

Once businesses recognize the tremendous value across the enterprise of GDPR-readiness, the obvious question is how to get there. The answer is a comprehensive, Unified Governance program.

The key principles of a Unified Governance program include:

• Participation by representatives from all information stakeholders, including Legal, Records, Compliance, Security, HR, lines of business and IT, along with strong executive management support to ensure universal participation and long-term funding.

• Comprehensive and inclusive information policy management across the entire enterprise using a Master Data map.

• Elimination of information silos to increase accessibility and facilitate management through a single automated and auditable process.

• Differentiation of high-value actively used data from redundant, outdated or trivial data.

The last bullet, which cannot occur without accomplishing the first three, is particularly important to GDPR readiness and increasing competitiveness. Only through this differentiation can the compliance team and business users gain ready access to high-value data without spending time sifting through “data debris.”

Differentiation also enables the creation and maturing of a defensible data disposal program that automates the elimination of this debris, that is, all information with no legal, compliance or business value. The CGOC estimates that 69 percent or more of enterprise data is debris, so a defensible disposal program not only significantly reduces the burden on the GDPR compliance team, but also directly contributes to all the other hoped-for business benefits.

GDPR compliance is the headline, but a more competitive business that increases sales, reduces costs and minimizes risks is always the aim. By understanding that the underpinning of GDPR-readiness is a Unified Governance program that helps accomplish all these goals, organizations can more easily justify the required investment. For more information about how to launch and mature a Unified Governance program at your organization, visit www.cgoc.com.

Heidi Maher is an attorney and a legal technology specialist who has advised hundreds of organizations on information governance around data security, compliance and eDiscovery. She is the Executive Director of the CGOC, a forum of over 3,600 legal, IT, records and information management professionals from corporations and government agencies. For over a decade, CGOC has been advancing governance practices and driving thought leadership across the industry. Previously, she was a legal subject matter expert for a Fortune 150 technology company, a felony prosecutor, a litigator and an assistant state attorney general. Heidi is a Certified Information Privacy Manager.


Five Essential Steps to GDPR Survival

Written By: Eckhard Herych, CGOC Faculty Member

We are now less than a year away from the implementation of the European Commission’s General Data Protection Regulation (GDPR) on May 25, 2018, and the stakes for companies are high. First, the GDPR “applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location”.

Second, non-compliant organizations can face devastating fines as high as four per cent of the annual global turnover or €20 million, whichever is higher. Third, preparing to meet the requirements of the GDPR cannot be done overnight simply by deploying security software, which, unfortunately, is where too many GDPR response discussions start.

The good news is that companies that begin now can make tremendous progress toward creating a data infrastructure that dramatically reduces the likelihood of GDPR non-compliance and that minimizes the financial impact even if something goes wrong. Here are the five key steps organizations must take to get ready.

Unify data management strategically

In the face of the GDPR, other evolving regulations, and advances in technology, data management and governance practices must be unified and auditable across all geographies and lines of business, and across on-premises, private cloud, public cloud, and hybrid infrastructures. The first step to achieving this is recognizing that every executive, manager and user has a stake in data management. C-level champions are essential, and CIOs, CDOs, and privacy officers must take the lead. This initiative must directly connect the data management, information security, legal and information governance teams, along with the lines of business.

Locate and understand the flow of all data

Stakeholders must work together to locate all data stores with collected information (such as customer data), created information (such as work product that might include customer data), and derived information (such as the results of analytics and machine learning that might include customer data).

They must understand the flow of information - the movement of data in business processes across multiple stakeholders (such as corporate counsel, strategic partners, etc.) and systems (such as legacy systems, cloud service providers, PCs, BYODs, etc.). Data mapping is an essential tool to create a visual depiction of how personal information flows across systems and devices as part of business processes. The map can include an overlay of GDPR requirements. In fact, the careful analysis of data flows in business processes is an essential component in our GDPR readiness assessment activities to ensure that our clients gain a sound understanding of their information landscape.

Page 13: RESOURCE GUIDE - CGOC · This is the function of the next generation of information governance - known as unified governance. The overarching principles of a UG program include: •

11

This article was first published on Infosecurity Magazine www.infosecurity-magazine.com

Evaluate all data

Only with the ongoing efforts of the first two steps can stakeholders evaluate the purpose or use of data and the regulatory obligations associated with it. Business users need to understand the value of the information they use to the organization. This is essential to help-ing all the key stakeholders (CIO, CDO, Privacy Officer, Legal, and InfoGov) assess:

What information is subject to GDPR?• If data must be preserved, for how long? Is there a conflict between preservation

requirements and GDPR requirements? If so, how will it be resolved?• Is some data of “Legitimate Interest” to the organization for possible exemption from

certain GDPR requirements (for example, GDPR Article 6 Lawfulness of processing)?• Has consent been obtained for the intended use of the information (GDPR provides

clear requirements and conditions to gain and establish consent)?

Dispose of all disposable data

Now that value has been assessed, it is possible to get rid of all data that has no business, legal or regulatory value, as well as all data that must be deleted to comply with the GDPR. In addition, now that IT knows where all the data is located, it is possible to ensure the proper deletion of all relevant data. This is critical to minimizing the impact of breaches and GDPR non-compliance. Moving forward, the deletion of obsolete data must become an integral part of operations to ensure that companies dispose of records or data in a controlled, legally defensible fashion.

Protect what’s left

This is where most GDPR preparation discussions start, but only after following the first four steps is it actually possible to:

• Properly track the collection and movement of data
• Effectively control access to sensitive and private data
• Knowledgeably employ the most appropriate vendor security solutions, such as firewall, anti-virus, anti-phishing, etc.
• Automate disposal
• Provide employee training on data protection and privacy that has a chance of being effective
• Prepare for crisis management
• Establish processes and procedures to enable the organization to react to inquiries by authorities or individuals within the time frames defined in the GDPR

The inevitable GDPR time bomb is going off soon, and doing nothing to prepare for it beyond some new security measures and training is a recipe for costly data disasters. A real preparation effort will take time, and the sooner you start on this iterative journey, the better the position your organization will be in to avoid GDPR penalties or at least minimize their impact.


Cross-Border Information Governance: Setting Yourself Up for Compliance

This CGOC-hosted, 60-minute on-demand webinar provides a detailed and thoughtful discussion among a panel of GDPR and privacy experts. The panelists discuss a range of international data protection regulations and mechanisms for international data transfers.

The webinar provides a great opportunity to hear firsthand:
• Risks that arise when controlling and processing personal data
• Myths associated with GDPR
• How to develop an effective Unified Governance plan to support cross-border GDPR compliance
• Tips for setting up internal systems to properly protect data

Watch the On-Demand Webinar on the CGOC YouTube channel


Appendix: Profile of Respondents

Our survey includes data from over 132 compliance officers from organizations around the world and across multiple industries.

[Chart: Respondent Job Function (categories: IT, Legal, Data Security, Data Privacy/Privacy, Compliance, Records, Other)]

[Chart: Organization size (employees) (categories: Under 500, 500-5,000, 5,001-10,000, Over 10,000)]

[Chart: Industry (categories: Telecom, Govt., Energy, Healthcare & Pharma., Manufacturing, Retail, Real Estate & Transportation, Education, Finance, IT, Other)]


Regions of Operation:

44.1% Worldwide

23.5% Multiple Regions

32.4% Home Country

Appendix: Profile of Respondents cont.

[Chart: Region (categories: U.S., EU, UK & Ireland, Non-EU, Russia, Australia, Middle East, Africa, Asia, Canada)]

[Chart: Headquarters (categories: U.S., EU, UK & Ireland, Non-EU, Russia, Australia, Middle East, Africa, Asia, Canada)]


About CGOC

Through in-person events, executive meetings, webcasts, surveys and reports, CGOC helps executive leaders share ideas and advice with peers in an open and collaborative forum. Founded in 2004, CGOC fills the critical practitioners’ gap between the EDRM and The Sedona Conference. Its charter is to create a forum that provides executives with the insight, interaction and information they need to make good business decisions. Join the CGOC Community!