Complying with GDPR legislation, what are the preparations?
From May 2018, consumers will have extra rights in the area of privacy thanks to the GDPR. This tightening of the privacy legislation means that companies must handle personal data in a safer way. In this blog we give tips on how companies can prepare for this.
The first step in the process of complying with the regulation is undoubtedly to create GDPR awareness within your organisation. Companies need to be aware of these rules and their consequences. This involves not only your IT department: HR, Marketing and every other service that processes personal data will come into contact with the GDPR.
Your company holds data in many different locations (databases, file servers, the cloud, registrations via the website, third parties, etc.). All of this data must be mapped. Locating all personal data and tracing the path this information follows within the company will make the analysis easier. Also carry out impact analyses of the processing of this data: with these you determine what the impact would be if, despite all precautions, a data leak were to occur. This way you can map out the risks.
List the tools that protect personal data, e.g. firewalls, web application firewalls, DLP and data classification. Evaluate your current policies and processes, and look for inconsistencies by means of a gap analysis.
Based on the different analyses, you can determine the necessary measures. Set the priorities according to the risk. Draw up a timeline and plan all the necessary adjustments. On the basis of this plan, you can estimate the effort your company needs to make in terms of policy, personnel and budget.
Then implement the tools and actions that are specific to your company. Don't forget the importance of communication: because this legislation affects different departments within your company, an awareness campaign is advised. Monitoring that all this information remains correctly protected is also a permanent process. By appointing a data protection officer you can better safeguard the results.
The impact for a company is therefore not only technical, but also process-related (e.g. you must report a data leak to the competent authority within 72 hours) and administrative (policies must be drawn up).
You will need expertise in both legal regulations and technical and administrative security measures. SpotIT can support you in various ways to bring your GDPR project to a successful conclusion. Please feel free to contact us for more information.