Comprehensive view of where Personal Identifiable Data resides in your organisation - Scored readiness evaluation and graphical illustration of compliance gaps - Roadmap for compliance with recommendations for immediate action - Insights to start building a robust data protection framework and inform your future technology choices - Helps meet the regulation requirements at a reduced cost, and potentially huge fines mitigated, not to mention reputational damage averted - Snapshot of legal landscape and your potential exposure - Easy, fast breach reporting - Vendor risk management for audits
After literally hundreds of conversations with companies at differing stages of readiness for GDPR, we have seen a pattern emerge which reflects a three-phased approach for readiness over the next months and years. These observations come from all sectors - public, private and not-for-profit - and span most of the EU member states.
For the majority of organisations, the main focus for the past months has been ‘getting across the line’: data mapping; privacy impact assessments; data protection impact assessments; Article 30 reporting; breach notifications and subject access requests; for example. With some notable exceptions, the GDPR compliance journey got off to a slow start. There was excessive reliance on spreadsheets and a lack of clarity surrounding the purpose of the exercise. A plethora of quick and dirty tools and ‘GDPR compliance in a day’ type services emerged. Organisations with spreadsheet-based approaches realised that they were grinding to a halt as the size of the task became apparent. But whilst some may think they have crossed the finishing line, 25th May 2018 was only the starting line. Which brings us onto the second phase…
or taking GDPR in your stride.
Let’s assume you have done what it takes to get across the line and that you have a reasonable level of confidence in your readiness for GDPR.
What did it take? How much did it cost? What about this year, next year and the years after that?
If you haven’t already acquired or developed a tool to make GDPR BAU, then now is the time to do so.
One word of caution though – do it well, do it once!
Once everything GDPR is running well and your organisation is operating normally again, what next? This phase may have its roots in phase 2, but now we are talking about truly integrating GDPR with everything else.
These and many other strategic drivers come into play for different organisations and they differ for each. If you need help to make GDPR business as usual then we will be pleased to hear from you.