This information is taken from Dark Data: The Hidden Risk to GDPR Non-Compliance, a free industry guide authored by Tim Hyman. In it, he examines the requirements of GDPR and explains how dark data could be impacting your compliance efforts. Learn best-practice solutions for new compliance workflows designed to protect your organization.
It is critical to start planning now for how you will respond to the GDPR’s extensive requirements if you haven't already. With a robust Information Governance strategy, firms should have started implementing the controls and protections needed to achieve strong security for their client, prospect and employee personal data. If you haven't yet started GDPR preparations, these are the next steps;
1. Raise awareness
Hold internal workshops for key stakeholders to understand the legislation changes and likely impact on systems and processes
2. Carry out a GDPR Impact Assessment
• Understand your current exposure
• Document Data Flows
• Determine the risk
• Document Remediation Plans
3. Develop a GDPR Compliance Plan (GCP)
Produce a timeline of key compliance objectives. Delegate process change to key stakeholders in the relevant areas of the business impacted.
4. Assess all Cloud Service Provider Contracts
Work with your current third-party service providers to seek assurance as to their GDPR compliance and understand what contract changes are needed.
About the author
Tim is an independent consultant specializing in information security and GDPR technology compliance. This follows 20+ years as an IT Director of top 20 law firms including Reed Smith, Olswang and Taylor Wessing, with a broad-based management responsibility for strategy, systems design, implementation and support.