GDPR compliance is an ongoing concern for affected organizations
Learn why it’s vital to prioritize GDPR compliance among your business priorities in order to meet regulation requirements.
It’s been six weeks since the General Data Protection Regulation (GDPR) went into full effect in the EU. But it’s still top of mind for most organizations.
Why? Because so many aren’t yet ready.
In fact, according to an ISACA research paper, only 29% of organizations were on track to be fully compliant by the deadline. Respondents indicated only 39% of staff have had adequate training to maintain GDPR compliance.
Even organizations that were ready on May 25 this year are already struggling to maintain compliance.
What are the biggest challenges to GDPR compliance?
Clearly, there are significant roadblocks to getting ready for GDPR that organizations have to address. Here are the top three identified by respondents in ISACA’s 2018 GDPR Readiness Survey:
Data discovery and mapping
You can’t adequately protect data you don’t know you have. That’s why it’s critical for businesses to get a solid grip on how personal data flows through the organization. Clearly identifying sensitive personal information is not easy, and it requires all hands on deck. Organizations will need to push for a culture change through strategic deployment of information security policies as change enablers.
Prioritizing GDPR compliance among business priorities
Every business has competing priorities, but GDPR’s risk factor (up to 20 million pounds or 4% of annual global revenue – whichever is greater) is high stakes for any business. The EU has sent a loud and clear message that personal data protection matters enough that breaches should have big consequences. But it’s not an easy shift to make in day-to-day operations.
Organizational education and change programs
Anyone who’s ever led a large-scale change initiative can appreciate the difficulty of getting buy-in across the organization and rolling out education programs. GDPR requires an unprecedented level of collaboration and commitment: knowing what data is impacted, how it should be handled, and how to help employees get up to speed on new processes and procedures.
How do you take effective action and maintain GDPR compliance over time?
Join me on July 19 at 12:00pm EDT for an ISACA webinar where I’ll talk about:
- Getting organizational buy-in to ensure data protection is built into, not bolted onto, your business processes
- Designing an effective and inclusive change management process to support privacy by design and by default
- How to educate and empower employees to identify and protect personal data, without disrupting your business
GDPR isn’t going away, and similar regulations in other jurisdictions will arrive before we know it.
The key to ongoing compliance is designing operations with data protection in mind.