Post May 25th – The five tenets of GDPR Compliance


Now that we have passed the ingrained date of 25th May for GDPR, we thought it would be worth outlining five key tenets for companies, large and small, to adhere to with regard to their GDPR compliance:

1. Data Discovery - Understand what personal data you hold and why

Everything flows from understanding the personal data you hold as a company and why you hold it. The larger the number of data islands, the harder this problem becomes. This is why the File Fabric provides content discovery for PII. Unify your data islands, be they on-cloud or on-premises, and establish a standing position on the personal data you hold, why you hold it, the process for holding and removing it, and where it should be stored.

2. Secure Personal or Sensitive Data

The GDPR expects companies to give their best effort to the security and transparency, in terms of use, of the personal data they hold. From a security perspective it is no longer good enough to rely on the 'but my service provider encrypts data at rest' statement. The genie is out of the bottle with that argument: it has been proven that, despite encryption at rest, data can still be stolen. Companies should be encrypting sensitive data by default. This is what the File Fabric does. It can stream-encrypt data with FIPS-compliant encryption, and it does so transparently so that it does not get in the way of end users. Anyone who gains direct access to that data will not be able to use it unless it is decrypted via the File Fabric.

3. Data Enforcement - Policy Governance

Discovering what personal data is held is a 'line in the sand' position: as soon as it is done, it is historic. Policies need to be put in place as a prevention mechanism on a day-to-day, real-time basis, and it is no good if these don't work for your organisation. That is why the File Fabric integrates with best-of-breed productivity tools such as Microsoft Office, LibreOffice, Outlook, Mac Mail, etc. These policies can help protect data before there is a problem, and in the background the PII discovery mechanism monitors every new upload and informs the nominated personnel if sensitive data is discovered.

4. Train Personnel

Training is often overlooked, but it is a key part of compliance and security for any company. Have your staff buy into why they need to be vigilant about how they work and what risks are posed by not doing so. Ensure they know more about the GDPR than just how to spell it!

5. Continuous refinement of internal processes

GDPR did not end on May 25th; it is for life! You will no doubt have made some changes to processes. Others you may not have got to yet. Make an effort to do a Six Sigma review of your processes. Make it easy and efficient for your company to respond to Subject Access Requests or Right to be Forgotten Requests. Ensure all staff are trained to deal with such requests. Ensure physical data is just as secure as digital data. Go the extra mile on process refinement. The world has changed. Data governance is no longer a nice-to-have; it is a must-have. There is no one-stop solution to GDPR: it is one part technology, one part process, one part people. All companies need to start thinking like a bank, as there is no doubt compliance will continue to dominate corporate culture over the coming years.
