REDLEGG BLOG
redlegg-gdpr

3-Steps to Establishing Your Own GDPR Compliance Program

Dec 13, 2018 7:30:00 AM  |  by Andrey Zelenskiy

Plan for a three-phased approach to establishing GDPR compliance across your organization.

PHASE 1 - Initial Privacy Impact Assessment (PIA)

  • Audit of business processes to determine the type of personal data currently collected, stored, processed, and exchanged with affected external entities
  • Review of established data minimization practices that must be implemented at every step of the data lifecycle to maintain GDPR compliance
  • Evaluation of organizational ability to comply with the Right to Erasure (right to be forgotten) requirements
  • Delivery of the Gap Assessment Report and high-level Implementation Plan defining compliance action items

PHASE 2 - Data Discovery Control Audits

  • Discovery and analysis of GDPR-related data residing on-premise and in cloud-based applications and systems
  • Evaluation of data access and data protection control monitoring capabilities

PHASE 3 - Implementing the Program

  • Interpreting and applying the new data protection rules
  • Invoking defined methods for managing, enforcing, and maintaining the GDPR Compliance Program

Top 3 Priorities*

Percent of global respondents ranking each priority as #1:

  1. Complying with data processing principles – 18%
  2. Performing data discovery and ensuring data accuracy – 18%
  3. Getting consent from data subjects – 12%

Top 3 Struggles*

Percent of global respondents ranking each struggle as #1:

  1. Performing data discovery and ensuring data accuracy – 18%
  2. Complying with data processing principles – 17%
  3. Establishing a Data Protection Officer (DPO) – 11%

*Source: RSA Conference webcast: IBM Techniques and Recipes for Success: April 5, 2018.

More GDPR resources:

Subscribe to Our Blog

Follow everything RedLegg as we provide comprehensive solutions for real-world data protection and security challenges.

Related Articles

6 Steps of Vulnerability Scanning Best Practices blog

6 Steps of Vulnerability Scanning Best Practices

Vulnerability scanning (vuln-scan) is the process of finding exploits, flaws, security holes, insecure access entry ...
How to Maximize your MSS Experience blog

How to Maximize your MSS Experience

Your Managed Security Services provider is a crucial player in your overall security posture, and our number one goal ...