The European Union's new GDPR will go into effect on May 25, 2018. Companies that fail to comply with its rules and regulations will face fines of up to 20 million euros (or 4% of sales for the preceding year). This is definitely not a trivial update.
The GDPR is all about securing the personal information of EU citizens. The GDPR provides the guidelines and rules for how this personal information is to be collected, processed, stored, and secured.
GDPR Non-Compliance Will Result In Significant Fines
A Simple Framework
Being GDPR compliant will be overwhelming for some, impossible for others, but manageable for most, especially if the effort is methodically planned and executed.
Here are 6 stages that can help you define a good framework to make GDPR compliance easier:
First, you will need to define what personal data is and communicate that definition across the organization. In addition, the entire organization must be aware of and knowledgeable about the key GDPR requirements and privacy rules.
Next, you will need to take an inventory of where all personal data is stored. You will need to track down every database, every file, every notepad, every stream, every data warehouse, and every distributed location.
Once all personal data locations are known, a detailed assessment should be performed of each one of those locations. This assessment should include understanding the actual content, the quality of the content, its accessibility, and risk exposure.
Once you understand what is out there, where it is, and how it is processed, stored, and controlled, a gap analysis should be developed to identify vulnerabilities and to define action plans to address them. Most importantly, access to this information must be reviewed, limited to people with the proper access privileges, and brought up to the standard required by the GDPR.
The GDPR defines encryption, pseudonymization, and anonymization as the 3 ways that personal data can be protected. Make sure you are using one or more of them everywhere.
Make sure you have an audit process that can show regulators that you have complied with all aspects of the GDPR. It is especially important to be able to prove that you know where all personal data is, that you know what is in each location, that you have carefully controlled access to it, and that you are protecting it adequately.
Make Sure Things Get Done
Using an accountability tool like CommandHound to manage the GDPR preparation process and instill a sense of accountability throughout it can only make things easier.
CommandHound Will Make Sure a GDPR Compliance Effort Gets Done
CommandHound was developed from the ground up to make sure things get done by tracking on-time task and milestone completion at the individual and team levels. This information is then tied to a performance review or reward system to drive accountability in the workplace.
Would you like to learn more about how CommandHound can help you become GDPR compliant?