It’s Time to Get GDPR Compliant Before It’s Too Late
If you are a company or global organisation that conducts business within the EU (including the UK), then the date May 25th, 2018 will mean something to you. This is the General Data Protection Regulation’s compliance deadline, and it’s approaching fast.
What is the GDPR?
GDPR is a new EU-based regulation established to protect the personal data of individuals within the EU. It doesn’t matter where your organisation is established or where its headquarters are located: you must, by law, comply with the GDPR if you collect or process any personal data of EU citizens. To achieve compliance goals, companies are required to implement relevant technical and organisational measures, such as controls around data collection and processing. Here are a few steps to help you on the road to GDPR compliance:
- Research to understand exactly what your firm’s responsibilities are in relation to the regulation
- Complete a risk assessment on any systems you use for controlling and processing data, including those used by 3rd party providers
- Identify the biggest areas of risk and prioritise any systems that hold sensitive personal information
- Create an in-depth action plan which lays out the tasks that need to be implemented. You will need to consider all departments, including information management and governance, human resources, legal, marketing etc.
- Train your staff, IT team, management, security people, etc. They all need to be aware of what the GDPR means in practice for them and their compliance. This is typically done via workshops and training days, to move from awareness to compliance.
- Search for innovative and specialist technology to choose a solution designed to support your business. Make sure it can facilitate normal workflow while preventing data loss and providing any risk detection analytics.
Other tips include:
- Ensuring all customer data is continuously and automatically logged in a central repository like Salesforce
- Ensuring any sensitive enterprise data is not stored on devices.
- Using data removal solutions to strip all files of sensitive metadata before they are uploaded to the cloud, used in an email, or shared in a browser.
Aim for a simplified approach that ensures compliance and strengthens security, without hindering productivity.
This post originally appeared on the Ebsta blog on May 11, 2017.