General Data Protection Regulation (GDPR)

Meeting the GDPR Obligations

Protecting data subjects’ fundamental right to privacy is essential to operating in the digital age. We understand that meeting the requirements of the GDPR is difficult, yet critical to the continued success of your organization. Our goal is to be a collaborative partner for our customers to help them stay ahead of the regulatory curve.

Compliance with GDPR requires the involvement of people, processes, and technology across the organization.

PEOPLE

Competent resources, staff training & awareness, and commitment from the top down.

PROCESS

Data governance, subject access requests, breach notification, and best practices.

TECHNOLOGY

Identify, protect, and manage your data.

Where Do I Begin?

GDPR compliance is a journey, and becoming fully compliant will take time. The best way to begin is to break the work down into manageable activities. Here are a few suggestions.

ASSIGN RESPONSIBILITY

Understand the Regulation, determine if it applies to your organization, and don’t go it alone (work with an expert).

ASSESS & DISCOVER

Assess your posture against the Regulation. Identify the type, category, and location of the data you process. Create a data inventory and data flow diagram.

LAWFUL BASIS OF PROCESS

Determine and document the lawful basis for your processing activities under GDPR.

RECORDS OF PROCESSING

Document the required information as stipulated by GDPR and put a plan in place to maintain this information.

PRIVACY NOTICES

Review current privacy notices and put a plan in place for making any necessary changes for GDPR compliance.

SUBJECT ACCESS REQUESTS

Establish procedures for addressing requests from your data subjects, keeping in mind the one-month time constraint.

DATA BREACH NOTIFICATION

Review your current breach notification process and put a plan in place to adhere to the 72-hour requirement.
