Your GDPR Plan – 8 Areas to Cover

In a previous blog post, I argued that anyone struggling to push through cybersecurity initiatives or information management best practice initiatives just got a new best friend: the GDPR (General Data Protection Regulation).  Compliance with GDPR, a new EU regulation, is mandatory for any business, regardless of size, that wants to handle data associated with EU citizens.  The regulation is 88 pages long and full of cyber and information security best practice requirements.  Yay!  Penalties are stiff, and boards all over the corporate universe are accordingly taking this on as a major corporate risk.  Double yay!

 

This means that GDPR offers the best Trojan Horse opportunity that you could possibly imagine.  The real question is, what do you put in your GDPR horse?  There are a number of good articles out there that talk about the categories of PII and various ways to organise your approach to compliance.  But for me, your plan needs to cover all of the following 8 areas, each of which you can think of as a secret weapon, packed inside your GDPR Trojan Horse, for moving your cyber and information security agenda forward.

Key 8 Areas to Follow for GDPR

These are:

  1. Data discovery tools
  2. Data inventory initiative
  3. Process inventory initiative
  4. Establishing a GDPR risk register
  5. Data capture/management justification review
  6. Standards for 3rd party management of company data sets
  7. Establishment of a BAU capability to address ongoing GDPR-related requests
  8. GDPR training and awareness programme

Each of these items has specific tick-box associations with GDPR compliance.  But each, if approached properly, also provides a massive opportunity for you to improve your IT operations.  AND (here’s where it really gets good!), as so much of this has to do with how your customers, the rest of the business, handle their data, you can’t do this alone.  It is the perfect opportunity to establish working relationships and deepen conversations around the benefits of good information management practices and… wait for it… establish yourself as a trusted partner to the rest of the business in the realms of process analysis and improvement and digital transformation!

Please feel free to join the conversation.  Let me know what you think, what I got wrong and what you like.  As always, feel free to call the good folks at KBG if you need help pulling it all together for your company.