MetaBlog

The first 3 steps to GDPR success

Tick-tock, tick-tock. Sounds like time ticking closer to the 25th of May 2018 when the EU General Data Protection Regulation (GDPR) will finally be upon us.

These aren’t minor amendments to the 1995 Data Protection Directive (95/46/EC); they are wholesale changes that transform the way every business has been processing personal data up until this point. Some of the major differences include:

Companies can be fined up to 20 million EUR or up to 4% of their total worldwide annual turnover for the preceding financial year, whichever is higher, for the most serious violations of GDPR.

The regulation will apply to businesses established outside the EU if they offer goods or services to people in the EU or monitor their behaviour there, even when the processing itself happens elsewhere.

You should already be well on your way to finalising your GDPR plan, to avoid being one of the companies that ends up in a blind panic closer to the time. If not, we’re here to help by setting out the best first steps to take so that you can ease yourself into it.

Step 1: Groundwork

The first step is to identify the key stakeholders as soon as you can. If you’re having trouble doing this, we suggest shocking them with the massive fines your company could face. This should be enough to jolt them into action.

Not only does having a comprehensive GDPR plan in place sharply reduce the risk of these fines, it also gives you a competitive advantage as you become known for protecting personal data properly.

Step 2: Collate information

You will need to know what personal data you are collecting, how and where it’s used, who it’s shared with and what compliance measures you already have in place. This gives you a start on specific GDPR requirements, such as keeping a record of processing activities (Article 30), and on the principle of accountability that underpins the entire regulation.

Step 3: Review

Once you’ve got all this information you will need to review it, and what comes out of that review is a gap analysis. For example, you may already have a data protection officer and a robust method of checking data processing activities. If so, confirm that both meet the GDPR requirements; you’ll then be able to see what other gaps you need to fill for GDPR compliance.

These first steps should stand you in good stead as you set off on your GDPR journey. If you are UK based and wondering whether GDPR will apply to your business, have a look at our blog on the subject.

SPOILER ALERT: GDPR applies to you and your business regardless of Brexit.

We can support you with your GDPR plan, whether you need an end-to-end GDPR solution or if you just need to fill in the gaps. If you’d like to find out about our GDPR offerings, please get in touch here.
