Now that the deadline for the GDPR is here, has your organisation taken the right path to compliance? And what are the next steps?

For many, the drum beat surrounding the GDPR deadline over the last 18 months has been hard to miss, along with the raft of information on how best to prepare. But for some, the task of navigating GDPR compliance has seemed like a steep mountain to climb, and many organisations are asking questions like “Are we ready or not?”, “Have we done the right things?” and “What more should we be doing?”, and in some instances it is still “What’s GDPR?”!

Looking around at your competitors may give you an indication of what others are doing, but be careful not to take solace in any apparent lack of action; as they say, it’s what’s on the inside that counts. Internal processes, policies, and systems need to be rigorously reviewed and tested to become compliant with GDPR, and any shortcomings will be exposed not only by the regulator, but by your customers, hackers, and even your own employees too! Failings will not only lead to substantial fines but will also result in reputational damage for your organisation, putting you behind the competition.

Where am I?

For many organisations it is hard to understand where they are in their journey to GDPR compliance. For others, focusing on being efficient in their handling of data protection, providing a great customer experience, and ultimately embedding a “privacy by design” culture is their next step.

The things to be done to be ready for the GDPR fall into four broad categories:

  • Your People – If your people don’t understand the implications of data protection, then you put your organisation at a significantly increased risk of non-compliance or breach. Basic awareness training has to be the starting point.
  • What you do – This is all about making sure you have the right processes in place for safeguarding data and for, e.g., responding to requests for data. This is as applicable to your employees’ data as to your customers’.
  • Legal stuff – Unfortunately there is a good chunk of this, from defining a range of policies to making sure the contracts with your suppliers meet the requirements of the GDPR (“Contract Remediation”).
  • Where is the (personal) data? – Understanding where you hold all personal data, how it flows around your organisation, and how you govern it.

Understanding your current status is the first step to GDPR readiness. Much like climbing a mountain, there are many paths which you can take to reach the Summit, but some are steeper than others.

Most organisations will fall within one of the four ‘personas’ below – where do you fit?

Figure 1 - Where do you fit?

So you know where you are, but what do you need to do to reach the summit?

Figure 2 - Which path to take

Your employees are the key

By following one of the paths outlined above, your organisation will be sure to improve its processes, policies, and data privacy. However, raising awareness amongst your employees is a vital part of each path, as they can often make or break you. Whilst 60% of senior IT executives view their staff as the biggest threat to GDPR compliance, employees also represent a path towards more efficient and sustainable compliance. Employees who understand the importance and remit of the new regulation will be more willing to follow (and help mould) the processes implemented as a result. In turn, they will develop products, services, and a customer experience that have data privacy built in. In the event of a data breach, privacy-conscious employees are more likely to be proactive and nurture the principle of ‘Privacy by Design’ – a key focus point of the GDPR.

Time to climb

The climb to the summit is never easy. By understanding your current footing, the best path to choose, and what areas to tackle, full GDPR compliance can be reached. Along the way a range of other key benefits will also be identified, allowing you to develop your employees, and provide your customers with an enhanced experience. Even if your competition started out ahead of you, choosing the right path now can help you get ahead.
