While some organizations have written about the impending GDPR deadline and potential fines, or re-printed an exact copy of the text itself, TRUSTe has taken the 200+ pages of the GDPR and translated it into practical implementation steps for an organization of any size or maturity.
The implementation steps are grouped into five actionable phases:
- Building a Program and Team
- Assessing Risks and Creating Awareness
- Designing and Implementing Operational Controls
- Managing and Enhancing Controls
- Demonstrating Ongoing Compliance
A sample implementation step is developing a DPIA program, which includes creating templates, conducting DPIAs, managing remediation, and providing compliance reports.
The guide also includes references to specific articles, best practices tips, and which stakeholders in your organization should be involved with each implementation step. Because involving stakeholders outside of the privacy office can sometimes require speaking the language of the department you are trying to engage, the guide also includes examples of how compliance can benefit various departments:
- Information Technology: identifying storage redundancies can reduce IT complexity and save IT dollars.
- Information Security: understanding what data reside in which systems can help Security prioritize their protection efforts and establish appropriate access controls.
- Operations: visualizing flows and uses of data throughout the company can help Operations identify redundancies and improve efficiencies.
- Procurement: identifying points at which the company shares information with third party vendors and understanding the sensitivity of the data being shared can help procurement approach third party management and contracts in a risk-based, efficient approach.
Tips like these will enable your organization to begin implementation items today. Everything you put in place ahead of the deadline will enhance your overall privacy program and further your efforts to minimize risk, ensure compliance, build trust, and protect your brand.
Get this GDPR Essential Guide to help you on your path to GDPR compliance.
If you need technology solutions backed by expert privacy consultants that can help your organization with its GDPR needs, contact us today to learn more.