As we entered the ground rush zone for the GDPR a number of organisations issued numbered guidance documents in preparation. I joined in and published a blog article on my linkedin blog called “Beyond Adequate Protection”. This had my five point list of tasks to be GDPR compliant. I summarise them here,

  1. Know and document your personal data catalogue and its lawful purpose
  2. Create an identity solution for your data subjects, so subject access requests can be fulfilled
  3. Build a record keeping solution
  4. Ensure that your incident management solutions are compliant
  5. Implement changes to the software development Life Cycle(SDLC) to include privacy impact assessments
barbed wire fence
Beyond Adequate Protection from @flickr Alexandre Dulanoy 2010 CC BY-SA

The original article deals with these in a bit more detail but I finish by saying that it’s only this easy if your organisation already meets the need to provide adequate technical and organisational protection.

Five steps to Compliance
Tagged on:         

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.