Practical Steps to GDPR Compliance: Map, Then Tackle

organization | business | data governance | Lynn Heidmann

The enforcement period of the EU General Data Protection Regulation (GDPR) is less than a year away. Given the volume and complexity of big data in today’s enterprises, preparations should already be underway.

If they’re not and you’re not sure where to start, we’ve got you covered in our GDPR white paper, which has recently been updated with an interview featuring Santiago Castro, Head of Strategy and Portfolio at Keyrus - a Dataiku partner - who speaks at length about how to get started by mapping what he calls your data life cycle.

GET THE NEWLY UPDATED GDPR WHITE PAPER

What’s a Data Life Cycle Map?

Mapping out your data life cycle means recording the following in one centralized place:

  • Inventory of what data exists (from customer data to web logs to HR data and everything in between) and where
  • For each data type and source, who (individuals or teams) has access to, owns, and regularly works with that data
  • Current maintenance workflows - i.e., whether data gets copied or deleted regularly, and by whom

With this baseline map in place, you can start to identify which areas or processes touch personal data and which present risk factors for GDPR compliance. And with that concrete list of GDPR compliance risks, you can easily start to prioritize, tackling the largest risks first and working down from there to be ready in time for the compliance deadline.


Map out your organization's data life cycle and use it to tackle the largest GDPR compliance risks first.

Training, Then Process, Then Technology

Complete GDPR compliance will mean having the processes in place, the staff trained, and the tools and technology to execute. But according to Castro, order matters, and here’s why:

“You may put together lots of technology and process solutions, but if people keep duplicating records and breaking those processes, you aren’t progressing and won’t be compliant - you’re rowing against the current. You need to make people aware of GDPR and its changes (including how it impacts what people are doing) so that when you put a process in place, it works. Tools are definitely needed, but ... put them in at the end after the people and the processes.”

-Santiago Castro, Head of Strategy and Portfolio at Keyrus


GDPR compliance means (1) training staff, (2) establishing processes, and (3) putting technology in place (in that order!)

For more insights from Castro and other industry experts, download the complete GDPR white paper. Or read an interview on GDPR with Dataiku CEO Florian Douetteau.

