The compliance deadline for the EU General Data Protection Regulation (GDPR) is swiftly approaching. With multiple studies in the press pointing unequivocally to a lack of preparedness for the new guidelines, here’s some help for organizations that might not know how to begin, along with a brief Q&A with Ravi Pather, Senior VP of Global Sales at eperi.
Assuming your company is well under way in becoming GDPR compliant, you will already have ticked off several requirements: you have completed the necessary data discovery formalities and are looking at minimizing personal sensitive data, you have appointed a Data Protection Officer (DPO), and you have started, are well into, or have completed your Data Protection Impact Assessment (DPIA).
For those that are slightly behind, below is a timeline of the processes that your organization should be following and where you should be in relation to May 2018, when GDPR is finally implemented.
This timeline was presented by Ravi Pather in a webinar about GDPR Compliance in October 2017.
In relation to the timeline above, at what point should organizations be in order to meet the GDPR compliance deadline?
Ravi Pather: Enterprises should be looking to now enter a phase of mitigating the risks identified in the DPIA with a view to implementing solutions probably from the start of the year. Referring to the timeline above, this is a good indicator to assess where your company is in its GDPR compliance journey and some key dates as well as some of the fines associated with not completing certain tasks.
When is the data at highest risk?
Ravi Pather: When personal data and sensitive personal data are leaving your organization, it is at far higher risk of cybersecurity attacks and you are now placing that in a third-party processor environment where you don’t have the controls required to confirm total protection of that data. This is why the GDPR is very specific in the need to complete a DPIA and identify the risks and then look to mitigate the risks highlighted by that DPIA.
What is your best piece of advice to organizations today about GDPR preparedness?
Ravi Pather: Don’t put off until tomorrow what you can do today. The time to begin preparation is now and get those Data Protection Impact Assessments started. If your organization is on target to meet the tasks at hand or if you are identifying and addressing the risks and issues that are raised by the DPIA, the transition to becoming GDPR compliant will be stress-free from here on out.