First, the GDPR “applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location.”
Second, non-compliant organizations can face devastating fines as high as 4% of the annual global turnover or €20 million, whichever is higher.
Third, preparing to meet the requirements of the General Data Protection Regulation cannot be done overnight simply by deploying security software, which, unfortunately, is where too many GDPR response discussions start.
The good news is that companies that begin now can make tremendous progress toward creating a data infrastructure that dramatically reduces the likelihood of GDPR non-compliance and that minimizes the financial impact even if something goes wrong.
Here are the five key steps organizations must take to get ready.
Unify data management strategically
In the face of the GDPR, other evolving regulations, and advances in technology, data management and governance practices must be unified and auditable across all geographies and lines of business, and across on-premises, private cloud, public cloud, and hybrid infrastructures. The first step to achieving this is recognizing that every executive, manager and user has a stake in data management. C-level champions are essential, and CIOs, CDOs, and privacy officers must take the lead. This initiative must directly connect the data management, information security, legal and information governance teams, along with the lines of business.