Better protection for EU citizens
The purpose of GDPR is to protect the personal data of EU citizens. It gives individuals greater assurance about how their information is used and protected when they engage with services across the globe. As a result, organisations will need to take extra care in how they collect, store and use personal data, as well as in how they obtain consent from the individuals concerned.
The regulation will encourage organisations to consolidate personal data into a centralised platform to be stored, protected and monitored. When working with customers, some of the considerations we examine are:
- Discovering the scope and location of personal data
- Classifying and tagging the data, e.g. ‘PII’
- Applying appropriate policies and guidelines for personal data usage and sharing
- Applying security controls, e.g. the use of encryption on personal data
- Early detection of breaches through unauthorised activity monitoring
- Providing adequate employee training
- Incident response procedures and breach notifications
- Documentation of records and procedures for handling data subject requests
Underpinning all of this is an effective identity management strategy to ensure that personal data is only shared with individuals or organisations that have consent from the data subject.
Get ready for compliance
A high-level approach for organisations to begin preparing for compliance with GDPR is as follows:
- Identify the personal data held by your business and where it is kept.
- Govern how this personal data is accessed and used.
- Put in place systems to protect this data and to identify vulnerabilities and threats.
- Maintain records, and manage data subject requests and breach notifications.