Being ready for the EU GDPR (European Union – General Data Protection Regulation) is – or should be – a topic on the agenda for European businesses and international businesses operating with a European reach.
The finish date is fixed: 25th May 2018. What GDPR is about is well covered (perhaps too overwhelmingly) on the internet. But how do you get there?
Below is my template for a roadmap:
The roadmap has, as all programs should have, an as-is phase, here concretely a Privacy Impact Assessment covering what should have been done if the regulation were already in force. Then comes the phase stating the needed to-be state, with the action plan that fills the gaps while absorbing business benefits as well. And then comes implementation of the prioritized tasks.
GDPR is not only about IT systems, but to be honest, for most companies it will mostly be. Your IT landscape determines which applications will be involved. Most companies will have sales and marketing applications holding personal data. Human Resource Management is a given too. Depending on your business model there will be others. Remember, this is about all kinds of personal data – that includes, for example, supplier contact data that identifies a person.
The skills needed span legal, (Master) Data Management and IT security. You may have these skills internally, or you may need interim resources of the above-mentioned kind in order to meet the fixed finish date and be sure things are done right.
By the way: My well-skilled associates and I are ready to help. Get in contact: