Countdown To GDPR
GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.
GDPR Compliance Deadline: May 25th, 2018
Which companies does GDPR affect?
- Your company has a presence in an EU country.
- Your company holds any personal information about an EU citizen.
- Your company has more than 250 employees.
- Your company has fewer than 250 employees, but its data processing or collection may impact the rights and freedoms of data subjects, or includes certain types of sensitive personal data.
What should your company be doing to prepare for GDPR?
1. Conduct a thorough review of the Articles.
2. Conduct an initial DPIA (Data Privacy Impact Assessment).
3. Based on the initial DPIA, use the diagnostic to assess key program constructs that require attention.
4. Define an implementation blueprint in terms of strategy, process, data, security, technology and people to address the Articles and DPIA findings.
5. Identify opportunities for automation (key to enabling and accelerating consistent, repeatable processes, including future DPIAs).
6. Create a business case / cost model for the entire program including support as requirements are released into production.
7. Create a high-level program plan that includes key milestones for introducing capabilities in an iterative, incremental, systematic manner.
8. Identify a DPO sponsor (possibly the existing Chief Data Officer).
9. Define the organizational structure, roles, responsibilities, and operating model required to support the program.
10. Establish a formal training program to communicate the necessity of the program, accountabilities, work streams, milestones, and ongoing change management.