Skip to main content

The road to GDPR compliance

By 16. April 2018October 7th, 2020No Comments

The road to GDPR compliance can be long and complicated if you do not have a clear plan. Initiate the process now and comply with EU’s General Data Protection Regulation before May 25 2018.

The road to GDPR compliance

The GDPR is fast approaching. With the regulation follows a number of requirements on how to process and store data on EU citizens. The big challenge is to document and secure that your company is GDPR compliant before the regulation comes into force.

Learn more about the General Data Protection Regulation here »

How to become GDPR compliant

To become GDPR compliant, Microsoft recommends, that your company go through four steps in your GDPR journey: Discover, Manage, Protect and Report.

  Discover: Identify what personal data you have and where it resides

Get an overview of the different kind of personal data, your company stores and handles. Here it is important to classify the kind of personal data you store about your customers. The term “Personal data” refers to any information relating to an identified person, such as name, identification number, location data, physical, physiological, economic, cultural or social identity. Not only should these data be classified, they should also be identified and secured in your organization. Do you know where all the stored data resides?

  Manage: Govern how personal data is used, deleted and accessed

Here, policies, roles, and responsibilities are defined on how personal data should be handled and collected. By doing so, it is important to determine, how your company use, delete and access data.

  Protect: Establish security controls to prevent, detect and respond to vulnerabilities

In this process, your company should establish how to prevent data breaches. Is there sufficient security around your data center, network, inventory, and computers? In the event of a data breach, companies should determine what the procedures are to discover and handle these.

  Report: Keep required documentation, manage requests and breach notifications

Companies are required to document the purpose of the handling of data, the classification of data, a third party’s access to data etc. Additionally, there needs to be implemented reporting and documentation tools such as audit logs and data breach notifications.

If interested, the steps are described in further detail here.

Michael Garver Burgaard

Want to learn more?

Want to learn more about how our solutions support GDPR? Contact us today for a noncommital talk with one of our consultants. We might be helpful in transforming your business.