There is a saying that a friend and I use when tackling what seem like enormous jobs: "How do you eat an elephant?" We both reply in chorus, "One bite at a time." This has never been truer than in the case of the General Data Protection Regulation. There seems to be a lot of confusion around what it is, who it applies to, how it can affect organisations and so on, and to cap it all there are a number of organisations out there muddying the waters even further by claiming to be the cure-all for GDPR through technology alone, and that just is not the case.
As with our elephant expression, the best thing to do is to take the GDPR one bite at a time: find out how it will affect your business and customers, and address the things you can with the existing systems and in-house skills you already have. Beyond that, you should take advice where needed from a qualified GDPR specialist to build a roadmap that helps you toward GDPR compliance. Once you have ascertained where you currently are, where you need to get to and what you need to get you there, then look toward new technologies to help, and even then only if totally necessary.
The good news is that you can do most of what you need to with what you already have; you probably just need a bit of guidance and a plan that you stick to. The even better news is that if you can prove you are talking to experts regarding GDPR and are putting those plans in place, then even if you did have a breach, it should help to mitigate any potential penalties and fines.
So get out there and do some elephant hunting (figuratively speaking, of course).
Jim Sneddon - CISSP, DPO
Jim Sneddon has specialised in data security since 2001. He is a certified GDPR practitioner, Data Protection Officer and also holds the CISSP qualification.