25th May 2018 – write it down, pin it above your desk or put it in your diary. The date for EU GDPR regulation entering enforceable UK law is rapidly approaching, and many Marketing, Governance, Data Protection and Compliance teams need to start thinking
about how prepared they truly are.
We know that GDPR presents a great opportunity for companies, however with less than six months left to prepare before the regulation enters law, via the Data Protection Bill, unprepared organisations need to realise that there is still plenty to do.
Are you ready for it…?
Each organisation is different, so it will depend how far down the road you are and how you’ve prepared. Some will be starting from scratch and will need a full data governance-led approach that considers the people, policies and processes that will help
them get in line with the new regulations. In comparison, other will only need to update their processes such as subject access requests (SAR) responses, internal training schemes and privacy policies.
Whether you’ve started or not, it is important to consider additional time for any unexpected or unknown issues that may arise. As with all major changes, it’s important to regularly review your processes and question what is working and what isn’t in order
to quantify these potential events.
Preparation is key
Everyone always says preparation is key, but sometimes it’s difficult to know where to start – or if you’re half way through and have hit a brick wall – what to do next. To help get a broader view of your preparedness, we’ve listed 10, non-exhaustive, questions
to ask your organisation about GDPR. This should help provide a good basis to move forwards from and will highlight any specific areas that need more attention.
1. Have we looked at every digital store of personal data in the company?
2. Have we regularly checked our data for sensitive or personal information?
3. Are we cataloguing personal data in a way that supports progressive data quality management?
4. Are we confident that within 1 month we are able to turn around SARs?
5. Are we prepared to deal with (potentially) hundreds of SARs simultaneously?
6. Are we prepared to deal with a data breach? Do we have a crisis plan?
7. How can we minimise our data?
8. How can we uniquely identify an individual across our data estate?
9. Can we demonstrate the effectiveness of our data accuracy technologies and processes?
10. Do we have a single consent view as well as a single customer view?
You may have answered ‘yes’ to one or more of these questions… congrats. However, if you’ve answered ‘no’ to more of these questions that you have ‘yes’, don’t worry, there is still time to make necessary changes and start preparing. It would be most beneficial
however if you chose not to delay preparing your processes or associated technologies any longer.
Laying your foundations: Implementing GDPR regulations with three simple steps With less than two thirds (59%) of UK businesses aware of the implications GDPR will have for their company and only six% saying that they’ve prioritised preparing for GDPR, it
seems apparent that companies still need educating before moving forwards.
Step 1: Assess
What are your top priorities? From both a business and data centric perspective, it’s important to start looking at what your priorities might be and see whether or not you’ve challenged previous assumptions in play. Starting to think around how preparing
your organisation for GDPR will be beneficial for your customers and colleagues.
Step 2: Advance
Developing a programme to help you prepare is great for your organisation but make sure you break it down into small, manageable tasks, especially when looking at the topic of data breaches. Plan how you will focus on processes that support consent, SARs,
and underlying data accuracy. This will enable you to focus your resources ahead of the deadline. Taking a pragmatic approach towards this will ensure the biggest tasks get tackled first.
Step 3: Assimilate
Training customers and users on the regulations as well as the new processes that your organisation is bringing in will also be important. The sooner you crack this, the more prepared both yourself and your user base will be. Additionally, you will want
to stress-test practices, processes and policies before the deadline arrives.
If you’re also planning to improve your data accuracy schemes then it will be necessary to integrate this into your systems, ensure that your data is accurately monitored, and reported, and build a data quality firewall to raise the alarm before a risk is
escalated.
These 10 questions are just the tip of the iceberg in terms of what you should be asking your organisations – so it is important to research further to know what else needs to be done before the regulations come into action. Zero-in on potentially unknown
issues and make sure you have an in-depth plan of action to tackle anything that may arise. GDPR will be a fantastic opportunity for your business, and with five months to go, it’s time to get going.