Having problems with your account or logging in?
A lot of changes are happening in the community right now. Some may affect you. READ MORE HERE

Why the GDPR deadline is not really a deadline, but an ongoing journey

Micro Focus Contributor
Micro Focus Contributor
2 0 2,015

While the GDPR regulations are set to go into effect on the 25th of May, 2018, the work that organizations need to do in order to become compliant doesn’t end there. It requires an ongoing journey of readiness and examination of people, processes, and technology.

Why the GDPR deadline is not really a deadline.jpgBy now, I would imagine that most organizations have taken several steps on their GDPR compliance journey.  These steps likely include:

  1. Understanding and classifying data – What and where is the information that may be subject to GDPR regulations?
  2. Taking action – How do you manage the volumes of sensitive data at-rest, in-motion, and in-use?
  3. Applying policies – How should you best apply and enforce policies to manage information through its lifecycle?
  4. Protecting your data – How do you ensure that sensitive data is protected, stored, and backed up securely?
  5. Documenting your progress – Do you have a map of your data, and have you kept track of your compliance journey along the way?

If your organization has completed all of these steps, then your compliance journey is well on its way. However, that doesn’t mean you can stop there. New data gets added to your systems every day. Hackers come up with new ways of breaking through security. Aging applications and systems can leave organizations vulnerable over time.

Complying with data privacy regulations is an ongoing journey that will require a continuous improvement approach and a diligence pertaining to security and readiness. If you would like more details on the practical things your organization should be doing relative to its GDPR readiness, you can watch our GDPR Webinar series:

Overview: Best Practices for mapping technology use cases to GDPR
Learn how to break down the complexities of GDPR into specific technology use cases, and then learn how to determine your overall readiness to address each one.

Govern: Data Privacy and Policy-Based Governance
Armed with deep insight into customer data, organizations can streamline and drive cost efficiencies into the process of protecting, leveraging, and taking action on this information.

Govern:
Litigation Preparedness
How can I cost-effectively respond to legal matters requiring information under my management?

Identify:
Data Privacy Assessment and Information Risk
Where is the information and sensitive personal data that may fall under these regulations?

Analyze:
Defensible Disposition
How do I identify information for disposition that may be subject to “the right to be forgotten”?

Analyze:
Backup and Recovery of Mission Critical Applications
How do I reduce my overall risk profile?

Act:
Encryption
How do I best ensure sensitive data is protected?

Act:
Breach Detection, Response & Reporting - Is Your SecOps Team Ready?
Can I report a breach within the timeline required by the GDPR?

Secure:
Breach Prevention with Identity Management
How do I best ensure sensitive data is protected, stored, and backed up securely

Remember, compliance is more like a marathon than a sprint with a short finish line (or much-publicized deadline). The above steps should put you in a much stronger position with customers and other stakeholders, as the public’s awareness of how data is managed—and of their related rights—continues to rise in Europe and worldwide.

About the Author
Information Governance, eDiscovery, Legal Technology, Product Marketing, Solutions Marketing
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.