3 Steps to Establishing Your Own GDPR Compliance Program

12/13/18 7:30 AM  |  by Andrey Zelenskiy

Plan for a three-phased approach to establishing GDPR compliance across your organization.

PHASE 1 - Initial Privacy Impact Assessment (PIA)

  • Audit of business processes to determine the type of personal data currently collected, stored, processed, and exchanged with affected external entities
  • Review of established data minimization practices that must be implemented at every step of the data lifecycle to maintain GDPR compliance
  • Evaluation of organizational ability to comply with the Right to Erasure (right to be forgotten) requirements
  • Delivery of the Gap Assessment Report and high-level Implementation Plan defining compliance action items

PHASE 2 - Data Discovery Control Audits

  • Discovery and analysis of GDPR-related data residing on-premises and in cloud-based applications and systems
  • Evaluation of data access and data protection control monitoring capabilities

PHASE 3 - Implementing the Program

  • Interpreting and applying the new data protection rules
  • Invoking defined methods for managing, enforcing, and maintaining the GDPR Compliance Program

Top 3 Priorities*

Percent of global respondents ranking each priority as #1:

  1. Complying with data processing principles – 18%
  2. Performing data discovery and ensuring data accuracy – 18%
  3. Getting consent from data subjects – 12%

Top 3 Struggles*

Percent of global respondents ranking each struggle as #1:

  1. Performing data discovery and ensuring data accuracy – 18%
  2. Complying with data processing principles – 17%
  3. Establishing a Data Protection Officer (DPO) – 11%

*Source: RSA Conference webcast: IBM Techniques and Recipes for Success: April 5, 2018.