Five Essential Steps to GDPR Survival

Five Essential Steps to GDPR Survival

We are now less than a year away from the implementation of the European Commission’s General Data Protection Regulation (GDPR) on May 25, 2018, and the stakes for companies are high.

First, the GDPR “applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location.”

Second, non-compliant organizations can face devastating fines as high as 4% of the annual global turnover or €20 million, whichever is higher.  

Third, preparing to meet the requirements of the General Data Protection Regulation cannot be done overnight simply by deploying security software, which, unfortunately, is where too many GDPR response discussion starts.

The good news is that companies that begin now can make tremendous progress toward creating a data infrastructure that dramatically reduces the likelihood of GDPR non-compliance and that minimizes the financial impact even if something goes wrong.

Here are the five key steps organizations must take to get ready.

Unify data management strategically

In the face of the GDPR, other evolving regulations, and advances in technology, data management and governance practices must be unified and auditable across all geographies and lines of business, and across on-premises, private cloud, public cloud, and hybrid infrastructures. The first step to achieving this is recognizing that every executive, manager and user has a stake in data management. C-level champions are essential, and CIOs, CDOs, and privacy officers must take the lead. This initiative must directly connect the data management, information security, legal and information governance teams, along with the lines of business.

Continue reading the five key steps organizations must take to get ready.

The passage is excerpted from an August 3, 2017, article on Info Security Magazine, written by Eckhard Herych, Faculty Member of the Compliance, Governance & Oversight Council (CGOC).