Are we doing GDPR right?

Data Trust AssociatesGDPR

By now your company will probably have started it’s GDPR journey. As GDPR involves a wide range of topics, all departments of your organisation are involved – either as affected parties, supporting departments or both.

That’s why it’s important to not implement GDPR from a purely admin or legal point of view only, but involve IT, data & information management, process management, business architecture and others to support and accelerate the implementation.

It’s important not to implement GDPR from a purely admin or legal point of view only,  something we still see a lot of companies doing.

Some GDPR activities like creating a register, appointing a DPO or privacy representative, updating privacy policies, defining legal ground & purposes are all more admin focussed activities that can (theoretically) be performed without good insight/understanding of an organisation’s personal data.

In reality though, the register will probably not be complete if only processes are taken into account and insight in personal data flows (in internal and external systems, integrations, applications etc.) is missing.

The register (article 30) will probably not be complete if insight in personal data flows is missing.

Furthermore, a number of key GDPR topics like “privacy by design & by default”, complying with the rights of the data subject, insight into a data breach and complete incident response plans, transparency about personal data processing, data quality/accuracy, etc.” are surpassing a purely admin approach and require deeper understanding of hands on GDPR challenges and the use ofpersonal data.

A number of key GDPR topics are surpassing a purely admin approach and require deeper understanding of hands-on GDPR challenges and the use of and personal data.

Many companies start with an admin approach and postpone or minimise the effort of more in depth topics as mentioned above with the risk of facing unpleasant surprises by May 25th 2018.

Many companies start with an admin approach with the risk of facing unpleasant surprises by May 25th 2018.

Free 5 min GDPR Readiness Check:

In order to find out if your company is not missing out on any of the key GDPR topics feel free to take our free 5 minute GDPR readiness check: http://datatrustassociates.com/gdpr-readiness-check/ which will provide you with insight into practical readiness of your organisation.