5 Essential Steps to EU GDPR – Part 3: Engage the Right People
This is arguably the most important element in achieving GDPR compliance. No organisation can do everything independently. Even software vendors must engage with outside agencies on this one.
We’re going to discuss ‘the right people’ in two categories: internal and external. If ever there was an all-hands requirement in a project, this is it.
Because GDPR is a compliance regulation, it’s far too easy to fall into the trap of believing this is simply a job for the InfoSec team, assisted by the IT guys (isn’t everything?). Yes, they are the most likely leaders of this project, but many other internal stakeholders must be included. Let’s look at some basic requirements of GDPR again and align them with generic business roles and departments.
We’ll do this in table format to keep things digestible:
*Infosec & IT left out as they are a given
I’m not for one second suggesting this is an exhaustive list, that it’s 100% accurate, or that it applies to every organisation. It’s intended to demonstrate that for each element of end-to-end data processing, multiple parts of an organisation are involved at every step of the way.
- Why Human Resources? They are the ones who must write the internal policies requiring all members of staff to adhere to the new processes, along with the penalties enforced when those policies are broken.
- Why Internal Comms? Everyone in the organisation with any form of responsibility for data must know about changes to process, and the repercussions of not adhering to them. This is not uncommon in any project of scale, but Comms teams do often need to be the first to make a start. The last thing any organisation needs is for a member of staff to say ‘I didn’t know…’. Ignorance is no excuse.
- Why Legal? If you have a legal team, they must be versed in the legal responsibilities of organisations that fall within the GDPR remit.
There are three things to remember, and these are often the topic of conversation among cyber security specialists:
- Currently, there is no such thing as a ‘GDPR Specialist’. There can’t be until GDPR has been enforced and there are test cases available. However, there are time-served cyber security specialists who know GDPR well.
- No one solution or vendor has a silver bullet that will solve all things GDPR. Given the complexities of the regulation and many touch points, it would be impossible for one vendor to cover all elements.
- Many vendors purport to have a GDPR solution and/or to be GDPR compliant; often they are stretching both their capabilities and the GDPR requirements to fit. The square-peg-in-a-round-hole analogy applies here.
Our recommendations are to engage these people and organisations:
Some organisations will employ people to cover the above requirements, but most won’t have the capacity or funds available to do so.
Contact your local STEALTHbits Technologies representative and they can put you in touch with recognised experts in each of the above categories. Or you can contact us here at Satisnet.
At STEALTHbits we pride ourselves on being open and honest about where our solutions align with the GDPR articles and where we hand off to our comprehensive partner network.
The fourth blog in the series will discuss why STEALTHbits is a logical option for any GDPR project and run through the specific articles we address: ‘5 Essential Steps to GDPR Compliance. Part 4: Why STEALTHbits?’
- 5 Essential Steps To EU GDPR Part 1 – Understand the Basic Requirements of GDPR
- 5 Essential Steps To EU GDPR Part 2 – GDPR Data Access Governance Project
- 5 Essential Steps To EU GDPR Part 3 – Engage the right people
- 5 Essential Steps To EU GDPR Part 4 – STEALTHbits Technologies, A Logical Fit for EU GDPR
Source - STEALTHbits Blog