GDPR - does anyone know where to start!?
-
For those of you who are in the EU, I’m sure you’re familiar with GDPR?
I have to say I am rather clueless with all this and have been tasked with putting together a strategy and ensuring my organisation is fully compliant when it comes into effect at the end of May. That’s a ton of work between now and then just for one person, especially as I don’t really have any experience when it comes to data/information management. What do I need to do from a practical point of view? I’ve started by putting together a document explaining GDPR and the process to my other 4 colleagues in the office – so that covers the preparation phase as it were. What comes after that – policies?
-
Get some external help.
We had 2 people go on some training course to be the project leaders for GDPR.
All I know about it is we need to tighten things, like securing all access to the network, put policies in place for stuff. Oh, and a whole lot more stuff for IT to do.
-
I agree with @hobbit666. GDPR compliance is massive. It is also significantly larger than IT. It will require buy-in from every level of your organization. You have quite a bit of reading ahead of you. There are many resources out there already. Here is one that I found that looks promising: https://www.rsa.com/content/dam/pdfs/7-2017/A-Practical-Guide-for-GDPR-Compliance-Osterman-Research.pdf.
Disclaimer: I am not a GDPR expert, nor does it currently affect me. I just guided an organization through a two year compliance process with NIST SP800-171, so I have an understanding of what governmental compliance entails.
-
In my last job a horde of consultancy companies proposed gap analysis to us. That's a good starting point. Then you just need to be prepared to spend a lot on useless stuff.