EU GDPR: What To Do, When To Do It

Promontory | 05/24/2016

Do Now: Start the Change Process

Become familiar with the GDPR and raise awareness of its significance by:

Identifying elements of the GDPR that are most likely to affect your organization, particularly in relation to: business strategy, infrastructure and IT planning, new market ventures, and business-model development
Developing a vision of the changed business and preferred outcomes for the organization in the context of the GDPR
Communicating key messages about the GDPR with senior internal stakeholders

By Spring 2016: Initiate the Program

Set out a GDPR change-program plan by:

Obtaining a mandate from decision-makers to establish the change program
Establishing the activities needed to achieve the required change, and the resources required
Defining success criteria for the program and activities to be undertaken
Formulating a program approach and governance structure
Recognizing the interdependencies between this change and other initiatives underway or planned
Understanding the need to manage the change program while maintaining business as usual
Establishing a stakeholder-management plan and engaging key people in the business about the changes required

Identify strategic and critical questions for immediate consideration, such as:

Location of the organization’s main establishment
Appointment of a data protection officer
Risk appetite in the context of higher maximum fines
Potential impact of the U.K exiting the European Union after a referendum

Identify GDPR personal-data processing topics that are critical to your business model, for instance:

Lawfulness of processing, in particular the use of consent or legitimate interests
Processing of children’s data
Processing of special categories of data, or data related to criminal offenses and convictions
Use of automated decision-making, including profiling
Organization as a data controller and/or processor
Conditions for transfers of personal data to third countries
Data processing for specific situations, such as for journalistic, scientific, or statistical purposes

To read more, please log in

This site is operated by NetDiligence®. Links found within this site may open a new browser window and take you outside the Sompo International's Cyber Risk Portal to another website, the contents of which are maintained by third parties over whom NetDiligence and Sompo International have no control. We provide links to these external sites for your convenience and awareness. We accept no responsibility for the content of linked sites. Upon request of the content source, we will remove links.

Learning Center Article

EU GDPR: What To Do, When To Do It

Related Content

Beyond GDPR: Data Localization Abroad

The EU General Data Protection Regulation (GDPR)

EU GDPR: A Primer

GDPR One-Stop Shop - Guide & Map

Featured

Deploying AI Systems Securely

Top Security Controls of 2024

Q1 2024 Data Breach Analysis

Secure by Design Alert Eliminating SQL Injection Vulnerabilities in Software

Deep Fakes Causing Real Harms: Time to Take Action

Key Incident Response Procedures Every IT Managed Service Provider Must Master

2023 BEC Spotlight Report

Russian FSB cyber actor Star Blizzard continues worldwide spear-phishing campaigns.