The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years and this will be a new revolution in the market with regards to Data and Data privacy. After four years of preparation and debate the GDPR was finally approved by the EU Parliament on 14 April 2016. Enforcement date: 25 May 2018 - at which time those organizations in non-compliance may face heavy fines.
HOW WILL YOU MAKE YOUR ORGANIZATION GDPR READY -
STEP 1. Research and Understanding . First things First, Focus on the scope of this regulation and what are the areas where we should act upon , areas related to Data , data safety and Data Storage and create a concrete checklists to make the Organization GDPR compliant and Ready.
STEP 2. Risk assessment Analysis . A complete Risk assessment on the systems used for processing and controlling data within the organization need to be done to make sure that the data are organized and stored at the right place.For example, while testing various applications , we take screen snippets if we come across a bug so that we can attach them and raise it to the development team. As an organization always make sure that the screenshots are stored in JIRA, TestLink, Team Foundation Server , VersionOne and not in any local systems to come under the compliance.
STEP 3.Setting up SPOCs within the Organization . More the knowledge, the Better it is. Since the EU has announced the GDPR act , you should assign Special Point of Contact within the organization to grab the knowledge , ingest the articles related to it and also spread the awareness within the organization. For Any assistance,there must be a team ready within the Organization to make things fall in place .
STEP 4.Creation of Action Plans . As GDPR is a crucial initiative and the timeline is set as 25th May 2018 , you need to track the progress and the outcomes of the results in a platform which is easier and visible to all the members whenever needed. Use of Agile tools will help you in this to filter the progress along with the valid results .
STEP 5. Investigation Report and Solutions . You should have a report ready with all the data information and storage path details and also have the explanatory details so that if in near future any Data Protection Officer comes for an inspect, he should feel things are handy and smooth. Solution to the GDPR compliance must be processed by the management team that how they can use a cloned data and what technologies they should use.
STEP 6. Formation of an Audit team under GDPR compliance. When you have your investigation done and you are good to go with the GDPR Compliance, you must have an Audit team who will review the situation and look into every corners related to the data privacy and security. The Audit Team should be aware of the Articles related to GDPR and this point of time the SPOC will also be helpful.
STEP 7. Educate the associates within the Organization related to GDPR. It is very important for all the associates within the Organization to get familiar with the GDPR rules and the consequences if we are not compliant. Create different seminars by dividing the team into different groups and explain them that how they should keep their data safeguarded with the help of SPOC. Create scope for Webinars and Videos where associates must attend and understand the compliance and the articles related to the compliance.
