The EU GDPR will apply to US organizations too – follow our key steps to compliance

In the first of three articles on EU General Data Protection Regulation (GDPR) compliance, we explain the first steps towards starting a compliance project and provide details on IT Governance solutions for those that need extra help.

  1. Establish an accountability and governance framework

The board must understand the implications of the GDPR in order to support the project and allocate the resources required to complete it. A director will need to be assigned accountability for GDPR compliance, and data protection risk will need to be incorporated into the corporate risk management and internal control framework.

  2. Create a project team

A person or team must control the project, and they will need a significant understanding of both the business and how the GDPR applies to its operations.

  3. Scope and plan the project

Once the GDPR team is aware of the ins and outs of the Regulation, it will need to work out which parts of the business fall within the scope of the GDPR (business units, territories and jurisdictions). The team will also need to identify which standards and management systems may be affected or could contribute to GDPR compliance, e.g. ISO 27001. Speak to your IT team to find out if there are any projects starting soon that involve personal data, as these will be candidates for “privacy by design.” The essence of privacy by design is that privacy in a service or product is taken into account not only at the point of delivery but also from the inception of the product.

Conduct a data protection impact assessment (DPIA) to identify, assess and mitigate the privacy risks associated with data processing activities. DPIAs are particularly relevant when a new data processing system, process or technology is being introduced, so that you can implement privacy by design from the outset.

Our GDPR – DPIA service provides an on-site assessment by one of our experienced data protection consultants. Contact one of our account managers for details.

In the next blog: steps 4–6.

Compliance is a journey and time is required to become and remain compliant – start today by contacting us.