By: Andrey Zelenskiy
Plan for a three-phased approach to establishing GDPR compliance across your organization.
PHASE 1 - Initial Privacy Impact Assessment (PIA)
- Audit of business processes to determine the type of personal data currently collected, stored, processed, and exchanged with affected external entities
- Review of established data minimization practices that must be implemented at every step of the data lifecycle to maintain GDPR compliance
- Evaluation of organizational ability to comply with the Right to Erasure (right to be forgotten) requirements
- Delivery of the Gap Assessment Report and high-level Implementation Plan defining compliance action items
PHASE 2 - Data Discovery Control Audits
- Discovery and analysis of GDPR-related data residing on-premises and in cloud-based applications and systems
- Evaluation of data access and data protection control monitoring capabilities
PHASE 3 - Implementing the Program
- Interpreting and applying the new data protection rules
- Applying the defined methods for managing, enforcing, and maintaining the GDPR Compliance Program
Top 3 Priorities*
Percent of global respondents ranking each priority as #1:
- Complying with data processing principles – 18%
- Performing data discovery and ensuring data accuracy – 18%
- Getting consent from data subjects – 12%
Top 3 Struggles*
Percent of global respondents ranking each struggle as #1:
- Performing data discovery and ensuring data accuracy – 18%
- Complying with data processing principles – 17%
- Establishing a Data Protection Officer (DPO) – 11%
*Source: RSA Conference webcast, "IBM Techniques and Recipes for Success," April 5, 2018.