Skip to content

It’s Time to Get GDPR Ready – Before It’s Too Late

 

Stories

If you are a company or global organisation that conducts business within the EU (including the UK), then the date May 25th, 2018 will mean something to you. This is the General Data Protection Regulations readiness deadline, and it’s approaching fast.

What is the GDPR?

GDPR is a new EU-based regulation that is established to protect the personal data of individuals within the EU. It doesn’t matter where your organisation is established or even the location of its headquarters, you must by law, comply with the GDPR if you collect or process any personal data of EU citizens. To achieve readiness goals, companies are required to implement relevant technical and organisational measures such as controls around data collection and processing.

Here are a few steps to help you on the road to GDPR readiness:

  1. Research to understand exactly what your firm’s responsibilities are in relation to the regulation
  2. Complete a risk assessment on any systems you use for controlling and processing data, including those used by 3rd party providers
  3. Identify the biggest areas of risk and take priority of any systems that hold sensitive personal information
  4. Create an in-depth action plan which lays out the tasks that need to be implemented. You will need to consider all departments, including information management and governance, human resources, legal, marketing etc.
  5. Train your staff, IT team, management, security people, etc. They all need to be aware of what the GDPR in practice means for them and their readiness. This is typically done via workshops and training days to move from being aware to readiness
  6. Search for innovative and specialist technology to choose a solution designed to support your business. Make sure it can facilitate normal workflow while preventing data loss and providing any risk detection analytics.

Other tips include:

  • Ensuring all customer data is continuously and automatically logged in a central repository like Salesforce
  • Ensuring any sensitive enterprise data is not stored on devices.
  • Using data removal solutions to strip all files of sensitive metadata before they are uploaded to the cloud, used in an email, or shared in a browser.

Aim for a simplified approach that ensures readiness and strengthens security, without hindering productivity.

Guy Rubin

Guy Rubin is the CEO and Founder of Ebsta.

Related Posts