Prioritizing GDPR Hurdles
4 GDPR Hurdles to Prepare For
In the second installment of our 5 Things to Know for 5/25 blog series, we’re talking about how to prepare for, prioritize and tackle your GDPR hurdles.
Compliance with GDPR means taking a long look at procedures and processes around how you handle sensitive data for European Union residents. Inevitably, things pop up that you don’t expect or that you didn’t prepare for. For example, you could be surprised by the number of different places where customer data lives in your organization, and these could all be potential risks for GDPR violations.
However, with the right approach, you can be ready to handle what this fundamental shift in data privacy and protection may toss in your direction.
From breach response to risk management, here are some tips from our GDPR experts on how to handle four significant potential hurdles you may face in your compliance journey:
Hurdle #1: Data Breach
The biggest hurdle to overcome is the inevitable data breach. Under GDPR, how you handle a breach will be paramount to your organization. Having a response plan in place is critical. Your plan must include not only how you will investigate and understand what has happened but also how to keep your organization functioning. When responding to the incident, be as transparent as possible. This will buy you time and goodwill, but don’t forget the 72-hour notification requirement.
Hurdle #2: What is “personal data”?
Companies often accumulate large amounts of data all over the place without thinking about what’s considered to be “personal data”. Understand what GDPR considers to be “personal data” (remember, context matters), and find out all the places where this data resides. Unless something has business value, or you have a legal or regulatory requirement to keep it, you might want to consider deleting it.
Hurdle #3: Subject Access Requests
Subject Access Requests enable any data subject to request what personal information a company holds on them. This means you must be able to deliver requested personal data in a readable, portable format. Be sure you have a plan in place to address these requests in a timely, efficient fashion and that you can supply the results securely to the data subject.
Hurdle #4: Risk Management
Don’t try to tackle all your data at once. First, focus on the top risk areas and those most visible. For example, if you have a website, focus on that, including how you collect and store personal data and whether privacy statements are up to date. Email holds vast amounts of personal data and is the number one source of cyber-attacks, so it can be a big risk if not prioritized. If you’re tracking through social media, this should be an area of priority too. Without understanding potential vulnerabilities and assessing the risk and priority of each, it will be hard to make progress.
Check back next week for the next blog in our 5 Things to Know for 5/25 series!