3 Steps to Establishing Your Own GDPR Compliance Program


By: Andrey Zelenskiy

Plan for a three-phase approach to establishing GDPR compliance across your organization.


PHASE 1 - Initial Privacy Impact Assessment (PIA)

  • Audit of business processes to determine the types of personal data currently collected, stored, processed, and exchanged with affected external entities
  • Review of established data minimization practices that must be implemented at every step of the data lifecycle to maintain GDPR compliance
  • Evaluation of organizational ability to comply with the Right to Erasure (right to be forgotten) requirements
  • Delivery of the Gap Assessment Report and high-level Implementation Plan defining compliance action items

PHASE 2 - Data Discovery Control Audits

  • Discovery and analysis of GDPR-related data residing on-premises and in cloud-based applications and systems
  • Evaluation of data access and data protection control monitoring capabilities

PHASE 3 - Implementing the Program

  • Interpreting and applying the new data protection rules
  • Invoking defined methods for managing, enforcing, and maintaining the GDPR Compliance Program

Top 3 Priorities*

Percent of global respondents ranking each priority as #1:

  1. Complying with data processing principles – 18%
  2. Performing data discovery and ensuring data accuracy – 18%
  3. Getting consent from data subjects – 12%

Top 3 Struggles*

Percent of global respondents ranking each struggle as #1:

  1. Performing data discovery and ensuring data accuracy – 18%
  2. Complying with data processing principles – 17%
  3. Establishing a Data Protection Officer (DPO) – 11%



*Source: RSA Conference webcast: IBM Techniques and Recipes for Success: April 5, 2018.