REDLEGG BLOG

3 Steps to Establishing Your Own GDPR Compliance Program

Dec 13, 2018 7:30:00 AM  |  by Andrey Zelenskiy

Plan for a three-phased approach to establishing GDPR compliance across your organization.

PHASE 1 - Initial Privacy Impact Assessment (PIA)

  • Audit of business processes to determine the type of personal data currently collected, stored, processed, and exchanged with affected external entities
  • Review of established data minimization practices that must be implemented at every step of the data lifecycle to maintain GDPR compliance
  • Evaluation of organizational ability to comply with the Right to Erasure (right to be forgotten) requirements
  • Delivery of the Gap Assessment Report and high-level Implementation Plan defining compliance action items

PHASE 2 - Data Discovery Control Audits

  • Discovery and analysis of GDPR-related data residing on-premises and in cloud-based applications and systems
  • Evaluation of data access and data protection control monitoring capabilities

PHASE 3 - Implementing the Program

  • Interpreting and applying the new data protection rules
  • Invoking defined methods for managing, enforcing, and maintaining the GDPR Compliance Program

Top 3 Priorities*

Percent of global respondents ranking each priority as #1:

  1. Complying with data processing principles – 18%
  2. Performing data discovery and ensuring data accuracy – 18%
  3. Getting consent from data subjects – 12%

Top 3 Struggles*

Percent of global respondents ranking each struggle as #1:

  1. Performing data discovery and ensuring data accuracy – 18%
  2. Complying with data processing principles – 17%
  3. Establishing a Data Protection Officer (DPO) – 11%

*Source: RSA Conference webcast: IBM Techniques and Recipes for Success: April 5, 2018.
