Compliance takes timeThe requirements set out by the GDPR will involve careful coordination between departments, and time to implement the changes to accommodate them. Think of all the personal data being processed across different departments, from marketing and sales to HR and IT. Each department may be using a different app to perform its tasks – such as marketing automation tools for marketing departments and CRMs for sales departments. Compiling a complete inventory of all data subjects and personal data held on them will take a lot of time and effort. The process begins with an organisation undertaking a gap analysis to determine where the data protection shortfalls are in its systems. Each process that involves personal data may need to be adjusted or possibly redesigned to ensure personal data is being collected, stored and processed in accordance with the new data protection regulation.
Compliance is ongoing
What some organisations may not realise is that data protection isn’t a project with a start and end date. It’s an ongoing requirement that needs a framework in place to ensure personal data is secure. The other thing organisations may not know is that the GDPR isn’t only about data security – it includes governance policies and processes, plus employee education, all of which take time to implement.Time may be running out until May 2018 but, luckily, tools like GDPR365 exist to make the compliance process easier for organisations.
If you haven’t yet started, you should schedule for a free demo of a GDPR software.