In one of our earlier blogs we addressed five of the most common myths relating to the GDPR. At the top of the list was “You don’t have to worry about the GDPR until 2018”. As we established, and as the ICO pointed out in 2016 in “GDPR – 12 Steps To Take Now”, this is incorrect – organisations need to act immediately, especially those who are currently creating contracts that will be in force when the legislation takes effect.
In the spirit of making the whole process of compliance easier, and focusing on our belief that data management is at the heart of GDPR compliance (you can read more in our whitepaper here), we’ve put together our top three steps to getting your business ready for the GDPR.
Step One: Data Management Begins with Discovery
Before you can implement any processes regarding the treatment of data, and requests for data under GDPR legislation, you must find the data that is within your organisation.
Given how rapidly data is collected, created and stored by organisations, it would be impossible to find this out manually and meaningfully. What is correct at the beginning of this year could be wildly different in 6 months’ time.
By using Big Data and Machine Learning principles as part of an eDiscovery and data mapping process developed and applied by Exonar, you have the ability to rapidly find and categorise data and to do so on an ongoing basis – keeping you compliant overall rather than at a single point in time.
The added benefit of a digital discovery process is that you can also uncover the unknown data resident in your organisation – something also covered in greater detail in our whitepaper.
Step Two: Classification
Once you’ve found your data, you need to be able to classify it, not only for your own corporate governance but also for the purposes of the GDPR, which distinguishes between Personal Data and Sensitive Personal Data. To make sure that your classification is applied consistently, it shouldn’t be left to people’s memory or to a lengthy guidebook. Here, Machine Learning and Big Data make sure that nothing is left to chance and that every data point is treated as it should be, every single time.
Step Three: Implement Relevant Processes
Once you have identified and classified your data you have a robust platform upon which to implement your processes. Given the speed at which discovery and classification can take place when using the Exonar platform, this third step is where you can really apply the skills of your people and any consulting teams that you engage to do the following:
- Decide which processes are required – this may include:
  - Handling of requests for information
  - Handling requests for deletion of data
  - Managing interactions with third-parties and assessing their compliance status
  - Communication of the GDPR and what it means, throughout your organisation
- Decide which processes can be automated, and which need to be handled by people.
These are just the first three steps in what will be a longer, ongoing process. We think that they’re crucial for any organisation that wants to get it right first time. To find out how Exonar could help you make the right first steps in your journey towards GDPR compliance, get in touch.