When confronted with the looming deadline of May 2018 for GDPR compliance, there are five big questions any organisation should ask.
- Who deals with personal data in your organisation? Name individuals or departments, whichever is appropriate.
- What data do you gather across the organisation? List it out; there may be repetition, which can be rationalised later.
- Why is the data collected or processed? Different users may have different reasons; list them all.
- What processes does your organisation follow when handling personal data? List them all out. Are they mandatory or optional, formal or informal?
- How is data safeguarded? Think about physical, organisational and logical security as a starting point.
Once these five questions are answered, however crudely, an organisation can start to understand the scale of the problem it faces with GDPR compliance. It may be big or it may be small, but the first step is to get a grip on the size of the problem and not to ignore it.