By now, you’re probably painfully aware of GDPR. The noise around the new data protection law alone is enough to make your head spin.
Add to that roughly a hundred dense articles to trek through, and every security officer has their work cut out for them. But before you start trying to decipher the implications of every word choice in specific articles, you have to make sure your security practice has a solid foundation.
To help you get your head above water, we’ve compiled a checklist that will effectively be your step 0 for GDPR compliance. These steps are intended to prime you for future security controls and make your job easier down the road.
Without further ado...
Need some inspiration for what to include? Check out what we've put together.
- Confirm that you are in compliance with applicable US privacy laws and standards for special categories of data. Think industry- or function-specific data: protected health information under HIPAA, billing and payment information, and so on.
- Review your customer contracts and confirm that you meet their privacy requirements. Pay special attention to any EU customer contracts that include GDPR processor obligations and data transfer requirements.
- Meet all HR privacy requirements, including any privacy policies published on your HR portal or intranet.
- If your team has any presence in Europe or an offering targeting EU data subjects, comply with rules directly applicable to controllers under GDPR.
Don’t lose sight of the foundational pieces of your security strategy as you build out your policies and processes for GDPR compliance. A holistic security practice will position your organization to be even more effective in its quest for GDPR compliance.