Proteus® GDPReady™
Ideal Business As Usual (BAU) GDPR systemthe No.1 GDPR software privacy platform

GDPR is in full force

So is the hype over, or is the story only just beginning?

After literally hundreds of conversations with companies at differing stages of readiness for GDPR, we have seen a pattern emerge which reflects a three-phased approach for readiness over the next months and years. These observations come from all sectors - public, private and not-for-profit - and span most of the EU member states.

Phase 1. Getting across the line

For the majority of organisations, the main focus prior to May '18 was ‘getting across the line]’: data mapping; privacy impact assessments; data protection impact assessments; Article 30 reporting; breach notifications and subject access requests; for example. With some notable exceptions, the GDPR compliance journey got off to a slow start. There was excessive reliance on spreadsheets and a lack of clarity surrounding the purpose of the exercise. A plethora of quick and dirty tools and ‘GDPR compliance in a day’ type services emerged. Organisations with spreadsheet-based approaches realised that they were grinding to a halt as the size of the task became apparent. But whilst some may think they have crossed the finishing line, 25th May 2018 was only the starting line. Which brings us onto the second phase.

Phase 2. Business as usual

or taking GDPR in your stride. Let’s assume you have done what it takes to get across the line and that you have a reasonable level of confidence in your readiness for GDPR. What did it take? How much did it cost? What about this year, next year and the years after that? If you haven’t already acquired or developed a tool to make GDPR BAU, then now is the time to do so. One word of caution though – do it well, do it once!

Phase 3. Strategic direction

Once everything GDPR is running well and your organisation is operating normally again, what next? This phase may have its roots in phase 2, but now we are talking about truly integrating GDPR with everything else.

• Is my data protection for GDPR part of my overall protection?
• Can I merge my compliance with other standards, eg PSDII, ISO27001, ePrivacy, PCI, CCPA, LGPD, PDPA, RGPD or other emerging privacy standards?
• Can I introduce continuous proactive data protection?
• How do I risk assess mergers and acquisitions, gain competitive advantage from being ahead of the curve or obtain cheaper cyber insurance premiums?

These and many other strategic drivers come into play for different organisations and they differ for each. If you need help to make GDPR business as usual then we will be pleased to hear from you.

Proteus® GDPReady™ software can help you:

• Perform enterprise wide online audits against the GDPR
• Guides you through the process with an integrated project plan
• Discover and classify your data
• Easily survey the business for processes using personal data
• Maintain a process/data mapping register (Article 30)
• Report your levels of compliance against the regulation
• Breach notification (Article 33)
• Identify non-compliances and manage them with project plans

How to manage multiple regulations

One of the challenges faced by multinational organisations is how they will address the plethora of privacy regulations applicable to them. Whilst no one can anticipate all of these and provide a software tool that guarantees to address them, a well thought out product can provide the platform for best practice data privacy management.

Proteus® GDPReady™ is an itteration of Proteus® NextGen Data Privacy™ and uses the same code set. If you are only interested in GDPR then we simply deliver Proteus® NextGen configured to show only the functionality required for GDPR.