Ready or not, the General Data Protection Regulation (GDPR) becomes enforceable on May 25th, 2018, and failure to comply can cost your company millions: fines run up to €20 million or 4% of worldwide annual turnover, whichever is higher. If you think this only affects the security and IT ops teams in the EU, think again. GDPR applies to any organization that offers goods or services to people in the EU or monitors their behaviour, wherever that organization is based, so it will affect you if you plan to scale globally, have customers in Europe or want to compete internationally.
Think of GDPR compliance as a program, not a project. Here are five steps toward GDPR compliance in your organization.
Step #1: EXECUTIVE AWARENESS
As stated before, GDPR affects your business. It's not simply a security issue. If your organization wants to keep up with global competitors and do business with people in the EU, this is everyone's issue. You have to get your entire executive team and the board on the same page, and someone has to own the program continuously: name a Data Protection Officer (DPO). A DPO is mandatory for public authorities and for organizations whose core activities involve large-scale regular and systematic monitoring of individuals or large-scale processing of special categories of data; for everyone else it is optional under the regulation, but without one the program has no owner.
Step #2: PRIVACY OFFICE
Once you have the executive team on board, with funding and full commitment, it's time to organize your privacy office. This should really be a full network: your entire organization should be looped in, and everyone should be kept accurately up to date on the regulations and rules that apply to them. Your DPO needs to bring in privacy counsel and a program manager to help roll out GDPR compliance all the way from the CEO to sales, marketing and support to IT ops, and so forth.
Step #3: MAP PROTECTED DATA
Everyone's on board? Great. Now it's time to look at what personal data is collected and why. Note that GDPR's "personal data" is broader than a US-style PII definition: it covers any information relating to an identified or identifiable person, including IP addresses, device identifiers, cookies and location data. Where is it stored, how is it classified, what is the lawful basis for processing it, and how long is it kept? Take an in-depth audit now and write the results down; GDPR requires most organizations to maintain records of their processing activities. Is personal data transferred across borders? Why, under what transfer mechanism, and who is it shared with?
Step #4: OPERATIONAL IMPLEMENTATION
It's time to build and document your company's processes, starting with incident response and breach notification. Under GDPR you must notify the supervisory authority within 72 hours of becoming aware of a personal data breach (unless the breach is unlikely to result in a risk to individuals), and notify the affected individuals without undue delay when the risk to them is high. That clock starts at awareness, not at containment, so your detection and escalation path has to get a confirmed breach to the DPO quickly, with enough detail to describe its nature, likely consequences and the measures taken. Your DPO should also assess third-party vendor risk at this time: GDPR requires a written contract with every processor that handles personal data on your behalf, and your organization remains accountable for what they do with it. Be thorough.
Step #5: AWARENESS AND TRAINING (REPEAT)
Build the new specifics into your new-hire training, but don't forget about ongoing technical training for senior staff. Make annual security and privacy training mandatory and brief your executive leadership regularly on GDPR readiness.
Three things will keep your company compliant: continuous compliance rather than a one-time push, detailed mapping and auditing of the "why" and "how" of your customers' personal data, and a strong privacy team led by a Data Protection Officer who knows how to get buy-in from the board.
Don't take chances. Security is not a game. Watch the full GDPR webinar from Pluralsight's own Head of Information Security, Trenton Bond, here.