Now Is Definitely Time To Check You Are GDPR Compliant

It’s been a year since the EU’s GDPR (General Data Protection Regulation) was introduced. Sine then, there have been the many warning to organisations to get their houses in order and implement appropriate data protection measures for fear of enormous fines. 
 
As promised, the authorities started softly in enforcing and policing GDPR compliance. To date, the  fines imposed during the first year of the GDPR totaled €55.96 million (about £47.85 million), nearly all of that came from a €50 million (about £42.7 million) fine for Google.
 
The key question now, as that soft start wanes, is: how can you check that your organisation truly is GDPR compliant?  
There are four key areas you need to consider:
 
General Compliance
The GDPR includes 99 articles with hundreds of individual legal requirements, some of which only apply to some organisations, or only in certain circumstances, so it can be difficult to really gauge whether you are meeting your obligations. 
A gap analysis guides you logically through all the Regulation’s relevant requirements to identify which ones you are meeting and where you are falling short. It gives you instant visibility of your current compliance status and enables you to easily identify the actions you need to take to protect personal data and comply.
 
DSARs
A DSAR (data subject access request) is a request from a data subject, whether a customer, partner, supplier, employee or other stakeholder, for a copy of the personal data you hold and process about them. Under the GDPR, you must respond to a DSAR within one month and for free, and you must make sure that you can demonstrate that you have met this obligation. 
Clearly, then, it makes sense to have a consistent and, where possible, automated means of responding to DSARs. The gap analysis may identify this as an area you need to work on. 
The point is that, to achieve ongoing GDPR compliance, you need to ensure that every new DSAR is treated properly.
 
Breach Reporting
GDPR compliance requires you to keep a record of all breaches and incidents involving personal data that occur within your organisation, and it’s valuable to streamline how you report these to your supervisory authority. 
Again, the gap analysis may identify this as an area you need to work on, but to maintain ongoing GDPR compliance, you need to ensure that your recording and reporting processes are adhered to every single time.
 
Third-Party Management
It is important to remember that the chain of responsibility for GDPR compliance stretches beyond the boundaries of your organisation to any third-party partners or suppliers that are involved in processing personal data. You need to be able to monitor these and ensure that they are contributing to, not damaging, your own GDPR compliance.
 
Only by taking a logical approach to all four of these areas can you be sure that your organisation is truly GDPR compliant, and only by reviewing them on a dynamic, continual basis can you be sure that you are maintaining compliance.
 
Now is the time to check your GDPR compliance – here is the European Union Official GDPR Checklist 
 
Security Boulevard
 
You Might Also Read:
 
GDPR Alert As Average ICO Fines Double In A Year:
 
 
 
« Is Artificial Intelligence Ready For Your Organisation?
Britain Hacks Back »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Chubb

Chubb

Chubb is the world’s largest publicly traded property and casualty insurer. Commercial services include Cyber Risk insurance.

Picasso

Picasso

The Picasso project is focused on ICT Policy, Research and Innovation for a Smart Society: towards new avenues in EU-US ICT collaboration.

BeDefended

BeDefended

BeDefended is an Italian company operating in IT Security and specialized in Cloud and Application Security with years of experience in penetration testing, consulting, training, and research.

ZenMate

ZenMate

ZenMate is a Virtual Private Network services provider offering secure encrypted access to the internet.

DeepCyber

DeepCyber

DeepCyber supports its customers, with an “intelligence-driven” approach, to improve their proactive detection and response "capability" of cyber threats.

jobsDB.com

jobsDB.com

jobsDB Singapore is a search engine for jobs throughout Singapore.

Adlumin

Adlumin

Adlumin Inc. provides the enterprise-grade security operations platform and managed detection and response services that keep mid-market organizations secure.

Blackfoot Cybersecurity

Blackfoot Cybersecurity

At Blackfoot, we work in partnership with you to deliver on-demand cyber security expertise and assurance, keeping you one step ahead of threats & compliant with regulations.

Tangible Security

Tangible Security

Tangible employs the most sophisticated cyber security tools and techniques available to protect our clients’ sensitive data, infrastructure and competitive advantage.

Gigit

Gigit

Gigit’s Service portfolio focuses on your business’ needs and the integration of comprehensive cybersecurity policies, plans, procedures, and practices into your business culture and operations.

SnapAttack

SnapAttack

SnapAttack is a collaborative platform that empowers your security team to stay ahead of threats, create robust behavioral analytics for your existing tools, and prove your program's effectiveness.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Royal United Services Institute (RUSI)

Royal United Services Institute (RUSI)

The Royal United Services Institute is an independent think tank engaged in cutting edge defence and security research. Areas of research include cyber security and resilience.

Fernao Group

Fernao Group

Fernao offer you all solutions from a single source - from cyber security, business resilience and digital infrastructure to cloud technologies and pentesting.

NetSfere

NetSfere

NetSfere provides next-generation messaging and mobility solutions to carriers and enterprises globally including its enterprise-grade, secure mobile messaging platform NetSfere Enterprise.

JustunSecure

JustunSecure

JustunSecure is dedicated to promoting information technology and cybersecurity in Africa.