Now Is Definitely Time To Check You Are GDPR Compliant

It’s been a year since the EU’s GDPR (General Data Protection Regulation) was introduced. Sine then, there have been the many warning to organisations to get their houses in order and implement appropriate data protection measures for fear of enormous fines. 
 
As promised, the authorities started softly in enforcing and policing GDPR compliance. To date, the  fines imposed during the first year of the GDPR totaled €55.96 million (about £47.85 million), nearly all of that came from a €50 million (about £42.7 million) fine for Google.
 
The key question now, as that soft start wanes, is: how can you check that your organisation truly is GDPR compliant?  
There are four key areas you need to consider:
 
General Compliance
The GDPR includes 99 articles with hundreds of individual legal requirements, some of which only apply to some organisations, or only in certain circumstances, so it can be difficult to really gauge whether you are meeting your obligations. 
A gap analysis guides you logically through all the Regulation’s relevant requirements to identify which ones you are meeting and where you are falling short. It gives you instant visibility of your current compliance status and enables you to easily identify the actions you need to take to protect personal data and comply.
 
DSARs
A DSAR (data subject access request) is a request from a data subject, whether a customer, partner, supplier, employee or other stakeholder, for a copy of the personal data you hold and process about them. Under the GDPR, you must respond to a DSAR within one month and for free, and you must make sure that you can demonstrate that you have met this obligation. 
Clearly, then, it makes sense to have a consistent and, where possible, automated means of responding to DSARs. The gap analysis may identify this as an area you need to work on. 
The point is that, to achieve ongoing GDPR compliance, you need to ensure that every new DSAR is treated properly.
 
Breach Reporting
GDPR compliance requires you to keep a record of all breaches and incidents involving personal data that occur within your organisation, and it’s valuable to streamline how you report these to your supervisory authority. 
Again, the gap analysis may identify this as an area you need to work on, but to maintain ongoing GDPR compliance, you need to ensure that your recording and reporting processes are adhered to every single time.
 
Third-Party Management
It is important to remember that the chain of responsibility for GDPR compliance stretches beyond the boundaries of your organisation to any third-party partners or suppliers that are involved in processing personal data. You need to be able to monitor these and ensure that they are contributing to, not damaging, your own GDPR compliance.
 
Only by taking a logical approach to all four of these areas can you be sure that your organisation is truly GDPR compliant, and only by reviewing them on a dynamic, continual basis can you be sure that you are maintaining compliance.
 
Now is the time to check your GDPR compliance – here is the European Union Official GDPR Checklist 
 
Security Boulevard
 
You Might Also Read:
 
GDPR Alert As Average ICO Fines Double In A Year:
 
 
 
« Is Artificial Intelligence Ready For Your Organisation?
Britain Hacks Back »

Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

WEBINAR: Shifting Your Network Security Architecture To The Cloud

WEBINAR: Shifting Your Network Security Architecture To The Cloud

Thursday, July 8, 2021 - In this webinar, SANS and AWS Marketplace will discuss how to adapt network security architecture and control implementation to a cloud-based model.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

RIVA Solutions

RIVA Solutions

RIVA provides innovative best practices in IT and management consulting, program support services and emerging technologies.

CalCom

CalCom

CalCom Hardening Solution (CHS) for Microsoft OMS is a security baseline-hardening solution designed to address the needs of IT operations and security teams.

ERPScan

ERPScan

ERPScan’s primary mission is to provide Smart solutions to assess and protect ERP systems and business-critical applications from both cyber-attacks and internal fraud.

NTOP

NTOP

NTOP develop high-quality network traffic analysis and DDoS protection software used by small individuals as well by large telecom operators.

Virgil Security

Virgil Security

Virgil Security provides easy-to-deploy and easy-to-use cryptographic software and services for use by developers and end-users.

Digital Arts

Digital Arts

Digital Arts provides internet security software and appliance products for companies and individuals.

Hdiv Security

Hdiv Security

Hdiv Security is the first product in its class offering protection against Security Bugs and Business Logic Flaws throughout the Software Development Lifecycle (SDLC).

Portshift

Portshift

Portshift leverages the power of Kubernetes and Service-Mesh to deliver a single source of truth for containers and cloud-native applications security.