6 steps to building your GDPR dream team.
Welcome to our new GDPR blog series, 5 Things to Know for 5/25. As we inch closer to the GDPR deadline of May 25, the pressure is on and the panic may have set in.
Take a breath.
Every Friday we’ll be coming out with a new blog to help you get your organization ready to take data security, data privacy and all things GDPR head-on.
We’re kicking off the series with this: we want to make sure you’ve got your team in place. No matter where you’re headquartered or what industry you’re in, your GDPR game plan cannot rely solely on your IT, legal or compliance teams. You need a cross-functional GDPR team.
Can’t hire a whole new staff in the next month? Here are 6 ways to assemble your team within your organization to oversee GDPR preparation and risk management.
- Assign DEDICATED PROGRAM MANAGEMENT to manage the process.
- GDPR compliance isn’t something that can be done in a fly-by-night manner. Get your best people with program management skills in place to tackle the task.
- Assemble a CROSS-FUNCTIONAL OPERATING COMMITTEE of six people or less to make strategic decisions and provide governance and oversight.
- Gather representatives across your organization, ideally including leads from all key functional areas (e.g. HR, finance, legal, marketing etc…) to address your GDPR strategy. It doesn’t need to be a big group: limit the scope and make the best decisions in your organization’s interest.
- SPREAD DATA CLASSIFICATION WORK to the departments that know it best.
- Not everyone in your organization will be best-suited to understand how to handle every type of customer or personal data. Identify those who should be in the know and put them in the best position to succeed.
- Have a GOVERNANCE BOARD MADE UP OF DATA PRIVACY PROFESSIONALS ready to lean in and help with the individual functional areas, like data inventory and privacy impact assessment.
- Don’t assume your IT or security team can cover this: data privacy isn’t the same thing. Those versed in data privacy will be essential to a successful GDPR compliance plan.
- Keep third-party vendors COMMITTED TO THEIR CONTRACTS and be sure to understand their data flows.
- Customers may be asking you about your GDPR compliance strategy and how it may impact your contracts with them. The same needs to apply for your approach with your vendors. Know where they stand and ensure they’re taking similar care with your data.
- ASSIGN SOMEONE TO BE ACCOUNTABLE, whether you decide to appoint a Data Protection Officer (DPO), there needs to be someone within your organization that is accountable for GDPR compliance.
- The buck must stop with someone, and that’s an imperative part of maintaining GDPR compliance when issues crop up. Assigning a DPO could be the simplest way to address this.
Check back every Friday up to the GDPR deadline for more tips on how to make sure you’re ready for May 25!
Want more great articles like this?Subscribe to our blog.
Get all the latest news, tips and articles delivered right to your inbox
You will receive an email shortly
Take me back to the article please