Helpful tips to get started
Here are a few key areas to focus on as you prepare and define your compliance action plan:
- The processes, people and technology measures you deploy will need to address how personal data is stored or processed by your organisation, so the first step is to identify everywhere that personal data is collected, stored and used.
- Some of the key security, privacy, IT and administrative policies required by the GDPR will need to be established, assessed, and re-assessed. These cover pseudonymisation, encryption, documentation, and measures to ensure the integrity, confidentiality, availability, resilience, assessment and post-incident recovery of processing systems and services.
- It is essential to investigate available technology solutions that can provide quick wins in multiple areas of the regulation, saving you time, resources and cost. Features to look out for include automated pre-assigned alerts, clear visibility, easy reporting, and rapid, reliable investigation capabilities.
- The GDPR requires organisations to deploy mandated measures to inform, protect and serve the individuals whose personal data they hold, including notifications at the time of data collection, receiving consent and processing requests “to be forgotten.”
- Further procedures, related to potential data breaches, need to be implemented, including the ability to detect and report breaches to the relevant supervisory authority as well as notifications to affected individuals.
- It’s critical to begin educating employees early regarding the GDPR at a high level and how it will impact their roles down the road. Your internal users–including IT privileged users, business users and third-party contractors–can serve as the greatest guardians of the GDPR cause, but also pose your greatest threat if security awareness about personal data is not embedded in your organisation’s culture from the start.
In order to get started with your GDPR action plan, it’s important to focus on the key overarching GDPR requirements one at a time!
For your convenience, here’s a link to the official EU GDPR Regulation with useful chapter headings. Or, download the full EU GDPR Regulation as a PDF.