Want to boost your GDPR compliance effort? Get your people involved.
Learn how organizations struggling with GDPR compliance can get where they need to be by taking a collaborative, team-based approach.
With the GDPR compliance deadline right around the corner, many organizations are working through various stages of preparation. According to Forrester Research’s report, The State of GDPR Readiness, about 30% of companies globally are fully GDPR compliant.
However, the report also notes that only a fraction of these organizations includes data classification and data discovery as part of their preparation for GDPR. Instead, many have focused their efforts on IT to meet compliance requirements.
But is this the right move?
GDPR compliance is everyone’s responsibility
We partnered with SC Magazine to host a webcast on March 20th at 2:00 p.m. ET with our VP of Customer Success, Doug Snow, and featured guest Enza Iannopollo, a research analyst with Forrester. Doug and Enza will discuss why collaboration across the organization is important to achieve GDPR compliance.
We sat down with Doug to get some insight on what GDPR compliance means for organizations today and to learn what role employees must play.
It seems like GDPR is putting a microscope on the way personal information from customers and employees is treated. What’s your take on that?
Doug: GDPR outlines some important information about security process and data protection by design and by default. The last two words really stand out to me – by design and by default.
Organizations don’t always know what data they have and where it came from, but with GDPR they will have to take a close look at all the ways they gather, classify, protect, and share information across the business.
What do you think will change the most when it comes to data protection “by design and by default”?
Doug: I think we’ll see security and risk professionals familiarize themselves with the design processes and systems in marketing, finance, legal, consulting services, HR, and any other group that handles personal information.
The first step is for people to come together and provide insight into the type of information they deal with on a regular basis. Transparency helps people adopt a culture of security that values collaboration across the business to properly protect information.
You mentioned the potential need for security and risk professionals to get involved in process design from the beginning. What else is on their to-do list for GDPR at this point?
Doug: I’ve spoken with quite a few S&R pros lately and they’ve all mentioned a few things. First, they’ve been working with people from across the organization to understand what kind of data they have and where it is.
Second, they’re working through a risk assessment that specifically talks about information ownership. I think educating employees about information security and data protection is very much part of the prep work for GDPR because the way we create and share information is constantly changing. It’s good for employees to stop, think, and consider the business value of the information they are creating and handling.
Finally, they’re making sure reporting capabilities are in top shape because data breaches must be reported to the proper supervisory authorities within 72 hours.
What do you think GDPR means moving forward?
Doug: GDPR is a great opportunity for organizations to demonstrate the thoroughness and care they take in handling personal data. It’s about being a responsible organization, through and through.
Because, at the end of the day, we’re all responsible for information security. So, I look at it as an opportunity for people within an organization to mature their secure information handling practices – all to earn new business, improve customer retention, and boost employee engagement around information security.