GDPR Compliance - Taking the First Step

Posted 18 September 2017 12:00 AM by Faizan Shaikh, User Engagement Analyst @ ClearPeople

GDPR is surrounded by an aura not unfamiliar to the one that surrounded the Y2K bug in the late 90's. It has a notorious reputation for being a major disruptor — we don't deny this — but there's a lot less fire and brimstone in our vision of May 2018 when the hammer eventually falls. In fact, a lot of the panic and hysteria stems from two primary areas of uncertainty: first, people not understanding what GDPR is, and second, not knowing how to start looking at their own organisation's compliance with it.

With this in mind, join us in a series of blogs over the next few months where we use examples of our journey to take you down the road to becoming GDPR compliant.

What is GDPR?

GDPR (General Data Protection Regulation) is an update to the existing data protection acts and directives in place, and aims to provide EU individuals with more control over how their data is acquired, used and held. It is a regulation that presides over the data of all EU data subjects, and therefore also over organisations elsewhere that process the data of EU individuals. Obviously, this has massive implications for the processes of companies holding "personal data"; you can read more here.

Why are people panicking over GDPR?

The first issue people have is not knowing what GDPR is. Hopefully the above section and linked blogs help alleviate that worry. What's funny is that people do know the pretty severe repercussions that will be faced by organisations not complying with these regulations. These include, but aren't limited to, monetary penalties and legal prosecutions, though it needs to be stressed that the majority of these are reserved for serious data breaches and won't be par for the course — especially when everything first kicks off in May 2018.

How do we even start becoming GDPR compliant?

Good question. So much is being said about what is changing with the introduction of GDPR that it's really daunting to think where you're actually meant to start. With any transformation, be it of your technology, your processes or even the people in your organisation, we recommend starting with a gap analysis and assessing how you are functioning in your "as is" state. That "as is" state should then be compared to your "to be" state (in this case, the GDPR compliant world of tomorrow) to assess the effort involved in getting the stuff in between done.

A gap analysis spreadsheet can be as simple as any other checklist you've made in your life. The difficult part is probably gathering the extensive list of GDPR compliance requirements you need to check off. Microsoft — a heavy proponent of GDPR — has created a wealth of collateral for partners to be able to know what their competencies should be; for more information, check out our previous blog.

Identifying personal data in your organisation, and the stakeholders responsible

Alongside the gap analysis, at this early stage in the process it's best you start becoming more conscious of the personal data residing across your organisation. To conduct the gap analysis, we identified the people within ClearPeople who work closest with the different types of personal data we have.

At this point these stakeholders were made aware of the changes to the law and the impact this would have on their stream of work, especially if they had access to personal data that, in the new world, would require more consent from the data 'owners'. There are currently over 7 months until GDPR comes into effect, so now is the perfect time to start having these discussions internally with your coworkers.

The information audit with these stakeholders should then begin, perhaps in an interview format, and the many stores and silos of personal data should be documented so that you're aware of their existence at the very least. While there are 1001 questions you can and should ask around how the data enters, is processed in and is removed from your organisation, perhaps the most pertinent would be finding out:

  1. What is it?
  2. Why is it needed (what’s it used for)?
  3. Where is it held?
  4. Who is it shared with/who has access to it?

These questions are your foundations in becoming compliant, and once these are answered you'll find yourself naturally asking the next logical questions. For instance, after identifying and discovering what you hold, you may want to find out more about how this data is managed and the processes in place to do this. Protecting the data from security breaches is also a major part of GDPR compliance, and the security procedures in place should become of high interest to you as the processes around management become clearer.

We'll be making more blog posts on how we're travelling down the road to compliance. We're equipped and ready to tackle the long road ahead, so if you need any help finding your footing, get in touch and we'll help you take your first steps through to compliance.
