This week, the European Union General Data Protection Regulation (GDPR) transition period ends and enforcement — including fines for non-compliance — kicks in. Whilst some organisations have been preparing for some time, experience shows us that some businesses have a tendency to cram in the compliance work at the last minute (for example, PCI DSS 3.2, which came into effect on 1 February this year, revealed a ‘compliance cramming’ culture). It’s unlikely that GDPR will be an exception. The risk associated with this behaviour is that organisations will end up with processes that aren’t efficient, scalable, strategic or, worse, compliant.
However, if your company wasn’t quick off the mark and still has some distance to travel on GDPR, it is not too late to get the ball rolling and ensure your organisation is poised for success. Justin Coker, Vice President EMEA, Skybox Security, gives his five tips for accelerating down the path towards effective implementation of an EU GDPR compliance strategy that’s sustainable after the May deadline.
1. Appoint a qualified data protection officer: Ultimately, one person needs to be accountable for ensuring compliance. In fact, you may be mandated to designate a data protection officer, depending on the processing you perform (EU GDPR Article 37).
2. Be aware of your assets: Complete visibility of your networks and assets is required to ensure absolute compliance. Make sure that you have the right technology solutions in place across both physical and virtual networks.
3. Implement a suitable, systematic approach: Compliance isn’t just something that can be ticked off your to-do list. Instead, it needs to become a fundamental part of management and auditing. It is also crucial to maintain a compliance record.
4. Automate where you can: GDPR brings with it a hefty workload in terms of documentation. Identify which tasks can be automated to lighten the load.
5. Don’t be overwhelmed by advice: There is no shortage of information on EU GDPR. But consider the source and what stakes they may have in implementing EU GDPR. There are many great resources and much guidance to help you sort through the process as you move from planning to compliance. For example, the National Cyber Security Centre has a “10 steps to Cyber Security” document which outlines steps organisations can take to begin to construct a stringent cybersecurity posture.