Organisations have until 25 May 2018 to fully comply with the new GDPR regulations and it is imperative that organisations fully understand the requirements of GDPR and prepare well in advance to avoid being hit with heavy fines. Breaches within the regulation around the collection, usage and maintenance of personal data are significant, but the loss of customer and stakeholder confidence leading to a loss of reputation could be terminal.
There are a number of aspects to the GDPR that will take some organisations considerable time to achieve and all organisations should be looking at this now. This draws on a range of governance, risk and assurance capabilities as well as in-depth technical and data protection skills.
Educate
- GDPR Organisational culture
- Bench marking
- Brand awareness
- Staff training
Your senior management and employees on the changes that the GDPR will bring and ensure that they are fully aware of these and how these changes will affect the organisation.
Assure
- Processes
- Third parties
The processes you have in place around GDPR giving you independent and timely information on the state of your management in relation to GDPR regulation requirements.
Architect
- Policies & procedures
- Expected best standards
- Risk management
Your risk, policy and procedure environments to help you ensure your business operates effectively in line with the GDPR regulation requirements.
Manage
- DPO Outsourcing
Your GDPR requirements and objectives, making sure you blend education, architecture and assurance in a way that is appropriate to your operation.