Eight months may seem like a very long deadline until GDPR comes into force. But, due to the size of the project, it is recommended that companies begin to plant the first seeds to reach GDPR compliance in time.
In this GDPR blog we provide four first actions that companies should carry out:
Create awareness within the organisation
The GDPR regulation will be mandatory as of May 2018, which provides a period for companies to adapt to the new regulation. If your company has not yet responded to the legislation since being entered into force back in May 2016, you must begin to evangelise to your colleagues now.
The implications and complexity of GDPR compliance has not yet been felt in some organisations. Many are carried away by the simplistic message that, if personal data is safe, compliance with the regulations will not be a problem. Not having suffered security incidents to date does not imply compliance with GDPR.
Start as soon as possible
Adapting to the new regulation is a considerable task, which involves reviewing a multitude of processes, analysing large volumes of information and requiring the involvement of many professionals within the organisation. He who warns is not scorned: projects that involve different departments and people usually always take more time than is considered in the initial stage.
Set a roadmap for when GDPR comes into force
The aim is to establish the plan that broadly establishes the sequence of stages to achieve the objectives set for compliance with the regulations. It must be thought of in a schematic way, as a living and flexible document that will lead to action plans with more detailed lines of action. In addition, it will be very important to specify the deadlines and resources necessary for greater operability.
The purpose of the roadmap is to serve as a basis for the company to know where it is and what it must do, to reach compliance with the new regulations. Specific objectives are defined, in addition clear strategic lines are drawn for the different processes involved.
Identify key people in each area
People are the most important factor and the most valuable resource in the management of any project, especially in those ground-breaking projects that do not have standard methodologies.
Therefore, it is critical to identify those professionals capable of seeing the organisation in a global way and the way changes can affect them, realistic people with clear objectives, open to other points of view and accessible to all people. And also persuasive, since they must involve other professionals and make decisions related to the project. In short, the best. Once identified, be sure to involve them in the compliance project.
In order to get prepared for when GDPR comes into force, speak to Prodware.