Four key steps towards accelerating GDPR
The four essential steps for starting your GDPR-compliance journey
The General Data Protection Regulation (GDPR) is the new European law setting broad-reaching regulations for personal privacy rights. Affecting how you collect, store, and use personal information, it takes effect on May 25, 2018. And non-compliance can be costly. These are the four steps that we here at Pipol, view as the most essential for starting your GDPR-compliance journey.
Step #1: Discover what personal data you have, and where it resides
First, determine whether the GDPR applies to your organization. The law affects organizations that offer goods and services to people in the EU (or that simply collect and analyze data tied to EU residents)—no matter where the business is located. If this applies to your organization, inventory your data so you know what you have and where it lives. The GDPR regulates the collection, storage, use, and sharing of personal data—defined broadly. Microsoft’s white paper outlines different kinds of personal data that may be affected: such as customer databases, CCTV footage, loyalty program records, etc.
Step #2: Manage how personal data is used and accessed by your organization
Effectively managing your data involves implementing both data governance and data classification. A data governance plan will aid you in defining policies, roles, and responsibilities for the access, management, and use of personal data. As such, it will help ensure that your practices are GDPR compliant. Then, adopt a data classification strategy for easier identification and processing of personal data requests. Microsoft cloud services make it possible to centralize processing and better manage applicable policies, data categorizations, and use cases.
Step #3: Protect against possible data breaches
The new law raises the bar on security controls to prevent, detect, and respond to vulnerabilities. It requires organizations to take technical and organizational measures that protect personal data from loss or unauthorized access/disclosure. The Microsoft cloud can help, because it’s built to help you understand risks and defend against them. And, it’s more secure than on-site computing environments.
Step #4: Report data requests and data breaches
The GDPR sets new standards in transparency, accountability, and record-keeping. You’ll need to be more transparent about (1) how you handle personal data, and (2) how you maintain related documentation that defines your processes and use of personal data. The white paper outlines details of required documentation.
Remember: if your data belongs or relates to EU residents, you’ll need to be in compliance with the GDPR. And now is the time to review your privacy and data management practices. Download the white paper, assess your organization’s readiness, and take action. Step by step.
Microsoft’s illuminating white paper on the GDPR, find it here: Beginning_your_GDPR_Journey-2.