GDPR represents a level of trust with your customers and this can only be a good thing. Taking personal information and data protection seriously is long overdue. GDPR is here and its job is to protect companies and their customers. Also help build long-term relationships based on mutual respect. Now that does not sound like a bad thing for all concerned. However what does it actually mean and when does it apply?

GDPR was enforced as of 25th May 2018	Enforced to all that process personal data of European residents. This is Law.	€20M or 4% of annual revenue could be at stake for non-compliance

The next question is how do we get there and what does it all mean?

Well it means that if you want to hold or process data from EU data subjects i.e. end users, customers and employees – You need to know what is required to do so.

There are 2 main sides to GDP compliance and they are Privacy and Security. So this manages the Privacy of the EU data subjects and Security of who can access the data and use it.

There are 5 stages to full GDPR compliance.

Assess	Design	Implement	Review	Audit
Take a look at where your data is stored. Find data stored and if there is a prior agreement to what it is and how it is used. Assess security gaps and grade them on level of vulnerabilities Identify a roadmap.	Develop Roadmap to compliance and design implementation plan Design policies, Business processes and technology to be used. Identify people who will be responsible to maintain compliance Create Security plan and remediation document	Implement the plans for Privacy and security. Distribute policies and procedures to all EU Data Subjects. Manage security based on access control. Monitor an alert on access. Implement encryption / privacy enhancing controls Remediate on any issues found during implementation.	Manage the processes and re-evaluate how they are used and distributed. Top down approach to assessment of data management. Review on a defined regularity. Continuation of managements to threats and proactive monitoring to ensure future compliance.	Test your processes and document findings. Track the data and provide audit trail of how it was used and processed. Document report based on the monitoring elements and evaluate GDRP activities. Manage and remediate any breaches to any part relating to GDPR.

So now we have the life cycle reviewed what part of the process looks like where you are? Do you have someone guiding you through this process? Does this all still look confusing and causing headaches?


Well Tractive Solutions can be here to help you through this.


Email to enquiries@tractivesolutions.com
Or complete our Enquiries Form.