As of May next year a new General Data Protection Regulation will be changing the way businesses have always handled data. A pressing problem for most organisations is where to start with GDPR when they don’t know what data they currently have or how they are handling it. The even bigger question most organisations will face is who will actually handle this mammoth task.
If you are wondering what to do next, fact check yourself against these three steps.
What are your current capabilities?
Before GDPR has everyone reeling, it is important to look internally and assess what your current capabilities actually are. The first step is to run an internal audit. In some organisations the responsibility for GDPR will sit with the legal team; in most, however, it will be in the hands of the information security function or a designated Data Protection Officer. Either way, these departments will need to have knowledge of the new regulation and the growing power to take on the workload.
Get the right people in
Once you have a good understanding of any gaps in your resources, it is then advisable to seek help from specialist suppliers who are engaging with the challenge of GDPR. Resourcing suppliers with specialisms in IT and Cyber Security should have the capabilities to source either an individual or an entire team who have the ability to handle GDPR from the outset, without further training or investment.
We have already been approached for a number of permanent and contract roles across a huge range of commercial sectors including financial services, consultancies and SMEs. These positions have been anything from entirely GDPR-specific hires to blended positions which will encompass the demands of GDPR alongside other responsibilities. Seeking an experienced supplier who is already actively sourcing candidates for roles like this is essential when finding the appropriate blend of experience and business acumen to do the job. It will pay off massively when it comes to finding the right person.
Have you sought business buy-in?
A key challenge for anyone working in this area is advocating a change in behaviours. In order for organisations to successfully adhere to GDPR, everyone within the company needs to be fully on board with what impact this will have on the business and on their daily routine.
To prevent any resistance to the work that needs to be done, education and awareness, as well as collaboration between business units, are essential to the program. In some organisations this has resulted in ‘GDPR Champions’: individuals who sit within different areas of the business to pioneer the strategy and serve as a point of contact for that function. However you choose to do it, looking at ways you can raise business understanding of what they are doing and why is an essential step to making the process between now and May 2018 a much smoother road.
Mary Worthington, Cyber Specialist at Sanderson, has this week answered the question ‘Who will keep you out of trouble with the GDPR?’