Employ Threat Detection – the GDPR requires your organisation to inform the regulator within 72 hours of a breach. Timely detection will be key and organisations should consider deploying breach detection technologies. Examples of these are:
• network traffic management;
• database and content repository usage;
• user log-on profiling;
• dark web detection to identify if any of your data has already been compromised and is openly available for sale.

Implement a Case Management Process – no matter what defences are employed, a data breach will always be a real threat. Over 90% of breaches happen internally, where employees have legitimate access to personal data but use it in a non-compliant manner, unintentionally or otherwise. You should build a case management strategy to address the likely breach scenarios.

Together, these activities will enable you to work towards a GDPR defensible position, provide direction for your GDPR compliance programme and provide the basis for your ongoing annual GDPR audit.
The in-depth GDPR Readiness Assessment will deliver multiple valuable outputs:
• Gap Analysis – People, Process, Technology, Commercial etc.
• Review of Security – Policies, Process and Procedures
• Data Use Case Management
• Consent Management Actions
• Technology Assessments
• Business Process Assessment
• Actionable Plan

As a minimum, the action plan is likely to include the following:

Provide Training – everyone in your business needs to be educated on what they can and cannot do with personal data, including executive certification training for the executive sponsor and key individuals.

Establish Data Subject Access Request (DSAR) Management – DSAR management is likely to have the largest single long-term impact on most organisations. Having an effective DSAR process and a responsible person or team will be critical to responding appropriately to new consumer access rights.
One More Thing

We strongly recommend you register now with the Information Commissioner’s Office (www.ico.org.uk). It will be necessary to do so once the GDPR comes into force. The ICO also has a wealth of useful information and guidance on their website.