This week, the European Union General Data Protection Regulation (GDPR) transition period ends and enforcement, including fines for non-compliance, kicks in. Whilst some organizations have been preparing for some time, experience shows that some businesses tend to cram in the compliance work at the last minute (for example, PCI DSS 3.2, which came into effect on 1 February this year, revealed a ‘compliance cramming’ culture). It’s unlikely that GDPR will be an exception. The risk of this behavior is that organizations end up with processes that aren’t efficient, scalable or strategic, or, worse, aren’t compliant.
However, if your company wasn’t quick off the mark and still has some distance to travel on GDPR, it is not too late to get the ball rolling and position your organization for success. Justin Coker, Vice President EMEA, Skybox Security, gives his five tips for accelerating towards effective implementation of an EU GDPR compliance strategy that remains sustainable after the May deadline.
- Appoint a qualified data protection officer: Ultimately, one person needs to be accountable for ensuring compliance. In fact, you may be mandated to designate a data protection officer depending on the processing you perform (EU GDPR Article 37).
- Be aware of your assets: Complete visibility of your networks and assets is required to ensure absolute compliance. Make sure that you have the right technology solutions in place across both physical and virtual networks.
- Implement a suitable, systematic approach: Compliance isn’t something that can simply be ticked off your to-do list. Instead it needs to become a fundamental part of management and auditing. It is also crucial to keep a compliance record.
- Automate where you can: GDPR brings with it a hefty workload in terms of documentation. Identify which tasks can be automated to lighten the load.
- Don’t be overwhelmed by advice: There is no shortage of information on EU GDPR, but consider the source and what stake they may have in how EU GDPR is implemented. There are many great resources and much guidance to help you work through the process as you move from planning to compliance. For example, the National Cyber Security Centre’s “10 Steps to Cyber Security” document outlines steps organizations can take to begin building a stringent cybersecurity posture.
By: Justin Coker, Vice President EMEA, Skybox Security