Your GDPR project is under way. Have you considered everything?
All of the noise and information on GDPR to date has revolved around data governance and the day-to-day management of data.
However, whilst this is undoubtedly important, there’s so much more to GDPR.
We’ve built a 3-block checklist you can use as part of your GDPR preparation. It’s designed to help you minimise your risk and start building GDPR accountability as an ongoing process with regard to IT and data life cycle management.
The 3 key building blocks that you will need to consider are:
1. Data inventories and retention policies
2. Data sanitisation
3. Information security and control
1 – Why do data inventories matter?
Understanding what data you have is the first step towards demonstrating your accountability to GDPR.
Having peace of mind about what data you have allows you to start analysing how you prioritise and treat that data.
You may discover that some departments haven’t registered their data in a centralised repository, where it’s easily accessible.
The point is, you don’t want to get down the road and then realise you are discovering data you weren’t aware of.
Get ahead, build a data inventory roadmap.
2 – Why does delete not equal erasure?
How often have you seen laptops lying around the office, or disposed of in the stationery cupboard?
In a GDPR world this would leave you open to potential fines. No one wants to be hit with a hefty fine for an issue that can be eliminated quite easily. The answer?
Start to build an IT life cycle plan and, in this particular instance, think of the end game: disposal and replacement. It’s critical that you erase all data from redundant IT devices. Remove the risk from your business – think about data sanitisation.
3 – Information security and control
Data is one thing, but having control of information and being able to demonstrate how you manage the security of that data is equally important.
You need to have complete visibility and control of your IT portfolio. Where are assets located? Who’s using them? When did they use them? What software is on them?
Having visibility 24/7, 365 days a year shows you have control, making it easy to demonstrate your accountability under GDPR.