GDPR enforcement is here and businesses are taking various approaches to comply. Most noticeable was the flood of emails we all received from companies scrambling to update their privacy policies. Big tech companies are passing the buck onto individual businesses and publishers, making them responsible for any data they may collect. At the extreme, some organizations, including retailers like Dick’s Sporting Goods and Pottery Barn, are blocking all EU users. Even the publishing house Tronc, which owns outlets such as The Chicago Tribune, went dark after GDPR enforcement took effect.
For any organization processing the personal data of individuals in the EU, GDPR has forced what must be a change in both business process and company culture. To do it right, organizations should make the management of data privacy risks a part of their DNA. It’s a lofty goal, but effective data risk management should be a strength that may then be capitalized on in the marketplace. Look at it from the carrot and stick perspective – the stick is the possibility of big fines, the carrot is effective data risk management capabilities that will be rewarded in the marketplace.
What should some of these changes look like? For starters, you need a compliance officer, either a newly hired Data Privacy Officer or someone assigned compliance responsibilities. This person should emphasize that managing data privacy risks is a continuous process and not just an exercise in GDPR or any other regulatory mandate.
Here are the top 5 things your compliance officer should focus on:
For more ideas on how to comply with GDPR, take a look at my earlier post, Procrastinators’ Guide to GDPR Compliance.
When large initiatives like GDPR are rushed against a looming deadline, important pieces are often missed, and the ability to step back and focus on what’s most important is often lost. GDPR promotes a risk-based approach to compliance. If you aren’t ready, start by focusing your attention on the processing activities that carry the most risk.
If you’re interested in learning more about compliance best practices and how to keep track of your sensitive information, listen to our now-archived webcast: “Data Visibility: Your Path to Regulatory Compliance.”