The route to compliance
Here is some advice about what needs to be done to ensure your organization complies with the law.
- Expertise and awareness are key factors. Management and other stakeholders have to understand the implications of the GDPR: what needs to be done, and why.
- Conduct a review to establish the scope, both territorially and in terms of data flows. This ensures that all personal data the organization handles is accounted for.
- Carry out an assessment to answer the key questions about how personal data is collected, transmitted, processed and stored, and how individuals' rights are ensured.
- Find out what security measures and protective mechanisms are in place to address identified risks.
- Map critical data flows to identify where personal data is stored. A data flow map makes it easier to pinpoint where security measures should be implemented.
- Based on the assessment, analyze which legal requirements must be fulfilled for each type of personal data identified. Then translate those legal requirements into security requirements. Perform a gap analysis to see which requirements are already met and which still need to be addressed.
- Bear in mind that everyone who handles personal data needs to understand the implications of the GDPR. Ensure everyone receives training so they can carry out their duties properly and effectively.