General Data Protection Regulation (GDPR)
Meeting the GDPR Obligations
Protecting data subjects’ fundamental right to privacy is essential to operating in the digital age. We understand that meeting the requirements of the GDPR is difficult, yet critical to the continued success of your organization. Our goal is to be a collaborative partner for our customers to help them stay ahead of the regulatory curve.
Compliance with GDPR requires the involvement of people, processes, and technology across the organization.
PEOPLE
Competent resources, staff training & awareness, and commitment from the top down.
PROCESS
Data governance, subject access requests, breach notification, and best practices.
TECHNOLOGY
Identify, protect, and manage your data.
Where Do I Begin?
GDPR compliance is a journey and being fully compliant will take time. The best way to begin compliance is to break the work down into manageable activities. Here are a few suggestions.
ASSIGN RESPONSIBILITY
Understand the Regulation, determine if it applies to your organization, and don’t go at it alone (work with an expert).
ASSESS & DISCOVER
Assess your posture against the Regulation. Identify the type, category, and location of the data you process. Create a data inventory and data flow diagram.
LAWFUL BASIS OF PROCESSING
Determine and document the lawful basis for each of your processing activities under the GDPR.
RECORDS OF PROCESSING
Document the required information as stipulated by GDPR and put a plan in place to maintain this information.
PRIVACY NOTICES
Review current privacy notices and put a plan in place for making any necessary changes for GDPR compliance.
SUBJECT ACCESS REQUESTS
Establish procedures for addressing requests from your data subjects, keeping in mind the one-month time constraint for responding.
DATA BREACH NOTIFICATION
Review your current breach notification process and put a plan in place to adhere to the 72-hour requirement.