If the prospect of putting all the gears in motion makes you
a little apprehensive, you can rest assured you’re not alone. So take a few
moments to think about everything you’ve accomplished up to this point in your
GDPR readiness journey, and it’s likely you’ll realize that this is simply the
next logical step in the process.
That said, I’d like to offer some suggestions to help make
the transition go as smoothly and successfully as possible.
Communicate
It may sound obvious, but you really do need to let everyone
know what’s changing — and why. Try to keep your explanation as simple and
straightforward as possible. And remind everyone that while you’ve tested and
refined the processes and procedures as much as possible, there may still be a
few glitches along the way. So let them know that their patience will be much appreciated.
Monitor
Have a plan in place for keeping track of how everything is
going. It’s one of the best ways to keep small problems from becoming big ones.
Adjust
One obvious result of your monitoring is that you may need
to change things here and there. But because you likely have already tested
most of your new systems, processes and procedures (and you have been doing
that, right?), we’re really talking about making fairly small adjustments here
— and not significant changes.
Measure
It shouldn’t come as a surprise to learn that you’re going
to need to track your GDPR program’s performance — and measure its success.
Decide what you need to measure and then make sure you’re getting reliable (and
verifiable) data. For example, you’ll probably want to track the number of:
1. Data protection officers you have in place;
2. People you’ve trained;
3. Data transfers you’ve completed;
4. Data subject access requests you’ve received and fulfilled; and
5. Breaches or incidents you’ve experienced (if any).
Having ready access to that information could be very
helpful if regulators come knocking at your door. And one more thing: Remember
to check in with your executive team to make sure they’re getting the metrics
they need as well.
Manage
Whether you’re dealing with 1,000 data subjects or hundreds
of thousands, we recommend creating a privacy management office to manage data
governance and overall data use. Ideally, you should consider having a system
in place for creating and tracking “unique person identifiers” that provide a single
point of focus for any one of your data subjects. This can be managed by the
privacy team, IT or a separate data protection team.
Accept Reality
What are the odds that the regulators will show up at your
door? That’s an impossible question to answer. But I can venture an educated
guess that many organizations won’t be fully GDPR-ready by May 25. Still, it
makes sense to strive for as much readiness as you can muster.
NEED SUPPORT WITH GDPR?
Jersey Community Partnership and Association of Jersey
Charities are looking to co-ordinate resources and suppliers, and there may be
grant funding available.
Jersey Charities Q&A
Jersey Data Protection Association list of GDPR events
Data Protection Reform in the Channel Islands
CONTACT
TimHJRogers@AdaptConsultingCompany.Com
+447797762051 Skype: timhjrogers TimHJRogers@gmail.com