As the 25th of May fast approaches, many organisations are contemplating whether they are ready for GDPR legislation to come into force. All entities, inside or outside the European Economic Area (EEA), that collect and process data of EEA residents will need to ensure they can meet the requirements of GDPR.
Many organisations have found this a challenging task, as creating a GDPR compliant strategy is not straightforward. The regulation is wide, untested and there are many aspects still open to interpretation.
So what can you do?
Establishing a legally defensible position is the simple answer. Organisations must be able to prove to the ICO that they are in a position to measure, monitor and quantify all their controls to mitigate risk, in every aspect of their business.
If your organisation is not able to answer the following questions promptly, then your legally defensible position is already flawed.
- What data do you hold?
- Where is that data located?
- How are you using the data?
- Do you have a reason to hold this data?
- Do you have consent to hold and use this data?
If you consider the complexity of processes, applications, contracts and other areas that may hold personal data, there is no doubt that creating a legally defensible position takes time and effort.
However, this mandatory change can be an opportunity to embed a culture of trust and confidence in your organisation and the industry as a whole. New and revised processes can promote competitive advantage and business growth, by encouraging efficiency and customer centricity.
r10 Consulting can help your organisation to mobilise a GDPR approach with detailed analysis and design, followed by the delivery of a developed roadmap. Get in touch for more information on our approach.