TrustArc Blog

EU General Data Protection Regulation (GDPR) Series; Assess Readiness

November 03, 2016

GDPR Readiness Guide

For organizations that operate globally, complying with the EU GDPR will likely require significant investment in personnel, process change, and new tools.  In order to meet the compliance deadline, companies are actively preparing now. TRUSTe has developed a four phase process to help guide you on the path to compliance.  During November and December we will provide you with a series of tips to use along your path to compliance.

TIP NO. 1: Understand Current Compliance Posture

See Tip No. 2: When Developing a Plan, Consider Risk and Level of Effort

Before beginning to evaluate your organization’s privacy posture against these requirements, check to see whether the GDPR applies to your organization. Speak with knowledgeable people from across your organization to see whether your organization offers goods or services to EU residents, monitors behavior of EU residents, or has employees in the EU. Some departments to speak with are human resources, marketing, procurement, website development, information security, engineering, and legal.

After concluding the GDPR applies to your organization, the first step is assessing readiness. Before you can develop a plan, you need a high level understanding of your current compliance posture. Review a comprehensive list of the requirements using a controls checklist, one that you build yourself, or take advantage of a free easy-to-use online GDPR readiness assessment tool. Whatever tool you use, include the following areas:

  • Transparency (i.e., Privacy Policy)
  • Collection and Purpose Limitation
  • Consent
  • Data Quality
  • Privacy Program Management
  • Security in the Context of Privacy
  • Data Breach Readiness and Response
  • Individual Rights & Remedies

Looking at current operations against new GDPR requirements will allow your team to get a general idea of how much work needs to be done. With the deadline for 2017 budgets fast approaching (or past due), estimate how much budget should be allocated to privacy initiatives such as GDPR compliance as soon as possible. Not only will this assessment provide help determining budget, it will also help see which departments may be impacted the most. Engaging stakeholders from those departments early on in the program will help with the next phases.

Next week we will provide tips on developing a plan. If you would like to learn more about TRUSTe GDPR Readiness Assessment or other GDPR solutions, contact us.