Now that we have passed the ingrained date of 25th May for GDPR, we thought it would be worth outlining five key tenets for companies, large and small, to adhere to with regard to their GDPR compliance:
1. Data Discovery - Understand what personal data you hold and why
Everything flows from understanding the personal data you hold as a company and why. The larger the number of data islands the harder this problem becomes. This is why The File Fabric provides content discovery for PII. Unify your data islands, be they on-cloud or on-premises, and get a standing position for the personal data you hold, why, the process for holding and removing it, and where it should be stored.
2. Secure Personal or Sensitive Data
3. Data Enforcement -> Policy governance
Discovering what personal data is held is a ‘line in the sand’ position. As soon as it’s done, it is historic. Policies need to be put in place as a prevention mechanism on a day-to-day, real-time basis. It’s no good if these don’t work for your organisation. That is why the File Fabric integrates with best-of-breed productivity tools such as Microsoft Office, Libre Office, Outlook, Mac Mail etc. These policies can help protect data before there is a problem, and in the background the PII discovery mechanism is monitoring every new upload and informing the nominated personnel if sensitive data is discovered.
4. Train Personnel
Training is often overlooked, but it is a key part of compliance and security for any company. Have your staff buy into why they need to be vigilant about how they work and what risks are posed by not doing so. Ensure they know more about the GDPR rather than just knowing how to spell it!
5. Continuous refinement of internal processes
GDPR did not end on May 25th; it is for life! You will no doubt have made some changes to processes. Others you may not yet have got to. Make an effort to do a six sigma on your processes. Make it easy and efficient for your company to respond to Subject Access Requests, or Right to be Forgotten Requests. Ensure all staff are trained to deal with such requests. Ensure physical data is just as secure as digital data. Go the extra mile to process refinement.
The world has changed. Data governance is no longer a nice to have. It is a must have. There is no one-stop solution to GDPR: it is one part technology, one part process, one part people. All companies need to start thinking like a bank, as there is no doubt compliance will continue to dominate corporate culture over the coming years.