GDPR: where to start, when to stop
Data privacy has become an ever-increasing priority for most organisations, largely due to the newly enforced sanctions of the European Union’s General Data Protection Regulation (GDPR). This regulation greatly extends previous privacy and data protection efforts (e.g. the UK’s Data Protection Act 1998) and will impact all organisations in any country which supply goods and services to the EU.
GDPR implies a whole raft of process and system changes to handle its requirements for data portability, data breach notifications, data inventory, data protection by design and default in processes and systems, the data owner’s right to be forgotten, PIAs, and security measures.
DTSQUARED is familiar with many GDPR initiatives within Financial Services. Many of them will fail. It’s important to recognise that there is still plenty of work to be done after the sanctions date has come and gone. What is vital is to have a properly constituted programme of work which creates clear accountability for compliance through the business, and addresses the major process issues systematically and with urgency.
At DTSQUARED we provide clients with a no-nonsense view of any current GDPR programme and where required help to reshape it. We can provide project management expertise to drive it forwards, and technical assistance with the tools you need in place to systematically identify personal data in the enterprise and define new processes for creating, validating, processing and – when needed – forgetting it.