REDLEGG BLOG

3 Steps to Establishing Your Own GDPR Compliance Program

Dec 13, 2018 7:30:00 AM  |  by Andrey Zelenskiy

Plan for a three-phase approach to establishing GDPR compliance across your organization.

PHASE 1 - Initial Privacy Impact Assessment (PIA)

  • Audit of business processes to determine the types of personal data currently collected, stored, processed, and exchanged with external entities
  • Review of established data minimization practices that must be implemented at every step of the data lifecycle to maintain GDPR compliance
  • Evaluation of organizational ability to comply with the Right to Erasure (right to be forgotten) requirements
  • Delivery of the Gap Assessment Report and high-level Implementation Plan defining compliance action items

PHASE 2 - Data Discovery Control Audits

  • Discovery and analysis of GDPR-related data residing on-premises and in cloud-based applications and systems
  • Evaluation of data access and data protection control monitoring capabilities

PHASE 3 - Implementing the Program

  • Interpreting and applying the new data protection rules
  • Invoking defined methods for managing, enforcing, and maintaining the GDPR Compliance Program

Top 3 Priorities*

Percent of global respondents ranking each priority as #1:

  1. Complying with data processing principles – 18%
  2. Performing data discovery and ensuring data accuracy – 18%
  3. Getting consent from data subjects – 12%

Top 3 Struggles*

Percent of global respondents ranking each struggle as #1:

  1. Performing data discovery and ensuring data accuracy – 18%
  2. Complying with data processing principles – 17%
  3. Establishing a Data Protection Officer (DPO) – 11%

*Source: RSA Conference webcast: IBM Techniques and Recipes for Success: April 5, 2018.
