While the GDPR becomes enforceable on 25 May 2018, the work organizations must do to become compliant doesn't end on that date. Compliance is an ongoing programme of readiness and regular review of people, processes, and technology.
By now, I would imagine that most organizations have taken several steps on their GDPR compliance journey. These steps likely include:
- Understanding and classifying data – What and where is the information that may be subject to GDPR regulations?
- Taking action – How do you manage the volumes of sensitive data at-rest, in-motion, and in-use?
- Applying policies – How should you best apply and enforce policies to manage information through its lifecycle?
- Protecting your data – How do you ensure that sensitive data is protected, stored, and backed up securely?
- Documenting your progress – Do you have a map of your data, and have you kept track of your compliance journey along the way?
If your organization has completed all of these steps, then its compliance journey is well under way. That does not mean you can stop there. New data enters your systems every day. Attackers keep finding new ways past existing controls. Aging applications and systems accumulate unpatched weaknesses over time.
Complying with data privacy regulations is an ongoing journey that requires continuous improvement and sustained diligence around both security and readiness. If you would like more detail on the practical things your organization should be doing to prepare for the GDPR, you can watch our GDPR Webinar series:
Overview: Best Practices for mapping technology use cases to GDPR
Learn how to break down the complexities of GDPR into specific technology use cases, and then learn how to determine your overall readiness to address each one.
Govern: Data Privacy and Policy-Based Governance
With a clear picture of the customer data they hold, organizations can streamline the process of protecting, using, and acting on that information, and reduce the cost of doing so.
Govern: Litigation Preparedness
How can I cost-effectively respond to legal matters requiring information under my management?
Identify: Data Privacy Assessment and Information Risk
Where is the information and sensitive personal data that may fall under these regulations?
Analyze: Defensible Disposition
How do I identify information for disposition that may be subject to "the right to be forgotten" (the right to erasure under GDPR Article 17)?
Analyze: Backup and Recovery of Mission Critical Applications
How do I reduce my overall risk profile?
How do I best ensure sensitive data is protected?
Act: Breach Detection, Response & Reporting - Is Your SecOps Team Ready?
Can I detect a breach, and report it to the supervisory authority within the 72-hour window required by GDPR Article 33?
Secure: Breach Prevention with Identity Management
How do I best ensure that sensitive data is protected, stored, and backed up securely, and that only authorized identities can reach it?
Remember, compliance is a marathon rather than a sprint with a short finish line (or a much-publicized deadline). The steps above should put you in a much stronger position with customers and other stakeholders as public awareness of how personal data is handled, and of the rights that go with it, continues to rise in Europe and worldwide.