GDPR - does anyone know where to start!?

  • For those of you who are in the EU, I’m sure you are familiar with GDPR?
    I have to say I am rather clueless with all this and have been tasked with putting together a strategy and ensuring my organisation is fully compliant when it comes into effect at the end of May. That’s a ton of work between now and then just for one person, especially as I don’t really have any experience when it comes to data/information management.

    What do I need to do from a practical point of view? I’ve started by putting together a document explaining GDPR and the process to my other 4 colleagues in the office – so that covers the preparation phase, as it were. What comes after that – policies?

  • Get some external help.
    We had 2 people go on some training course to be the project leaders for GDPR.
    All I know about it is we need to tighten things, like securing all access to the network, putting policies in place for stuff 🙂

    Oh and a whole lot more stuff for IT to do 🙂

  • I agree with @hobbit666. GDPR compliance is massive. It is also significantly larger than IT. It will require buy-in from every level of your organization. You have quite a bit of reading ahead of you. There are many resources out there already. Here is one that I found that looks promising:

    Disclaimer: I am not a GDPR expert, nor does it currently affect me. I just guided an organization through a two year compliance process with NIST SP800-171, so I have an understanding of what governmental compliance entails.

  • In my last job a horde of consultancy companies proposed gap analyses to us. That's a good starting point. Then you just need to be prepared to spend a lot on useless stuff.
