4 GDPR Hurdles to Prepare For


In the second installment of our 5 Things to Know for 5/25 blog series, we’re talking about how to prepare for, prioritize and tackle your GDPR hurdles.

Compliance with GDPR means taking a long look at procedures and processes around how you handle sensitive data for European Union residents. Inevitably, things pop up that you don’t expect or that you didn’t prepare for. For example, you could be surprised by the number of different places where customer data lives in your organization, and these could all be potential risks for GDPR violations.

However, with the right approach, you can be ready to handle what this fundamental shift in data privacy and protection may toss in your direction.

From breach response to risk management, here are some tips from our GDPR experts on how to handle four significant potential hurdles you may face in your compliance journey:

Hurdle #1: Data Breach

The biggest hurdle to overcome is the inevitable data breach. Under GDPR, how you handle a breach will be paramount to your organization. Having a response plan in place is critical. Your plan must cover not only how you will investigate and understand what has happened, but also how you will keep your organization functioning. When responding to the incident, be as transparent as possible. This will buy you time and goodwill, but don’t forget the 72-hour notification requirement.

Hurdle #2: What is “personal data”?

Companies often accumulate large amounts of data all over the place without thinking about what’s considered to be “personal data”. Understand what GDPR considers to be “personal data” (remember, context matters), and find out all the places where this data resides. Unless something has business value, or you have a legal or regulatory requirement to keep it, you might want to consider deleting it.

Hurdle #3: Subject Access Requests

Subject Access Requests enable any data subject to request what personal information a company holds on them. This means you must be able to deliver requested personal data in a readable, portable format. Be sure you have a plan in place to address these requests in a timely, efficient fashion and that you can supply the results securely to the data subject.

Hurdle #4: Risk Management

Don’t try to tackle all your data at once. First, focus on the top risk areas and those most visible. For example, if you have a website, focus on that, including how you collect and store personal data and whether your privacy statements are up to date. Email holds vast amounts of personal data and is the number one source of cyber-attacks, so it can be a big risk if not prioritized. If you’re tracking through social media, this should be an area of priority too. Without understanding potential vulnerabilities and assessing the risk and priority of each, it will be hard to make progress.

Check back next week for the next blog in our 5 Things to Know for 5/25 series! 
