The May 25th GDPR deadline is upon us.

In the last edition of our series, we review what you can do to be ready for compliance.

Welcome to the final edition of our 5 Things for 5/25 blog series, where we’ve explored what organizations needing to comply with the EU General Data Protection Regulation (GDPR) must consider as the enforcement date approaches.

Well, now the implementation date we’ve been talking about for years has nearly arrived. Starting on May 25, the rights EU residents have over their data and what organizations holding that data can do with it change forever.

So, before the regulation kicks in, take a step back and evaluate to make sure your organization has done these four things as part of a GDPR compliance strategy:

#1: Build Your GDPR Dream Team

No matter where you’re headquartered or what industry you’re in, your GDPR game plan cannot rely solely on your IT, legal or compliance teams. You need a cross-functional GDPR team. If you can’t hire a whole new staff right away, you can assemble your team within your organization to oversee GDPR preparation and risk management.

 What you can do:

  • Assign someone to be accountable
  • Assign dedicated program management
  • Assemble a cross-functional operating committee
  • Spread data classification work to the correct teams
  • Build a governance board made up of data privacy professionals
  • Keep third-party vendors committed to their contracts

#2: Prepare for GDPR Hurdles

Compliance with GDPR means taking a long look at procedures and processes around how you handle sensitive data for EU residents. Inevitably, things pop up that you don’t expect or that you didn’t prepare for.

For example, you could be surprised by the number of places where customer data lives in your organization, and these could all be potential risks for GDPR violations.

However, with the right approach, you can be ready to handle what this fundamental shift in data privacy and protection may toss in your direction, including data breaches, the definition of personal data, Subject Access Requests and risk management.

#3: Understand Security vs. Privacy

Many see privacy and security as being one and the same, but in fact, they are distinctly different. Understanding these differences is crucial to better define policies and protection required for GDPR compliance.

This may oversimplify a complex area, but privacy decisions focus on what personal data to collect, who can access it and when, how it is used, with whom it is shared and how long it is kept for. Security represents the technology tools that safeguard personal data from unauthorized access, maintain its integrity and ensure it is available when needed. Think of it like this: security is locking the windows to your house, but privacy is having the ability to draw the shades/blinds.

Privacy principles are at the heart of GDPR, and enforcing them requires the right technology, processes, and behavior. So, it’s not an ‘either/or’, but an ‘and’: privacy and security should work together to achieve the best result.

#4: Be Confident in Your GDPR Plan

Requirements under GDPR have resulted in wholesale changes in how organizations handle the privacy of EU resident data. In the past, approaches like privacy by design or seeking express consent to use personal data were more “nice to have” items as opposed to necessities for many.

Now, organizations should bake those practices into their data collection and handling processes, which in turn causes many to re-learn or re-think the way they’ve done things for years. And that’s creating some uneasiness.

While some 60 percent of global organizations aren’t completely confident their organization will be compliant by the deadline (according to new Vanson Bourne research), you can grow your confidence by taking the time to review the people and processes you’ve put in place to support your compliance efforts.

 

 
