The General Data Protection Regulation (GDPR) comes into effect on 25th May 2018.
Is your business ready, or has the initial panic about GDPR readiness subsided?
If your business has effectively shoved GDPR under the rug in the belief that it’ll be tackled eventually, you’re sitting on a time bomb. Conducting an assessment and setting up a roadmap are vital tasks you’ll need to undertake today if you’re to avoid costly problems come next May.
Thankfully, there’s such a thing as a ‘GDPR readiness assessment’, and every business that handles, stores or processes data in any way should undertake one as soon as possible.
What is a readiness assessment?
The assessment will ensure that the right measures are being taken towards GDPR compliance.
It will look at both the organisational and technical undertakings to establish which data protection capabilities are currently in place.
The readiness assessment is far more than a checklist; it will engage stakeholders from all areas of the business and use workshops and discussion groups to identify latent risk and uncover new data protection opportunities.
Do you have PIAs?
Privacy Impact Assessments (PIAs) are used to proactively build privacy into the systems your business relies on. The readiness assessment will identify whether or not you have these in place.
Simply having a PIA isn’t enough. A readiness assessment will look beyond the existence of checklists and instead consider how each PIA helps foster data privacy within the organisation.
For example, a checklist that enables IT leaders to ensure they’re addressing Article 35 of the GDPR is a good start, but does it encourage privacy by design?
While you may have the measures in place, you might simply be collating a mass of PIA documents that raise operational costs yet don’t provide any tangible benefit for the owners of the personal data you store.
A readiness assessment may therefore suggest that you replace narrative questionnaires with PIA tools and staff training that helps the workforce conduct a more meaningful privacy assessment process.
Planning for the worst
Readiness assessments will check to see if your business is capable of responding to data breaches.
You may believe this to already be in hand. After all, you might have identified potential data breach scenarios and assigned responsibilities for every task that’s likely to follow; there’s an escalation process and communications plan for customers, the supervisory authorities and your employees.
But what about activity on the database itself? Are you monitoring that?
A readiness assessment might confirm that while you have the right incident mitigation process in place, the poor line of sight on database activity means there are still too many risks at play.
Not just a box-ticking exercise
Simply ticking boxes won’t make for a GDPR-compliant data protection program.
A readiness assessment will carefully analyse the way in which your business handles data and identify any risks for which you’re unprepared.
The roadmap that results from a successful readiness assessment will pave your way towards GDPR compliance and ensure your data is safe from inadvertent leaks of information.