Unless you’ve been in hiding, you’ve probably seen the weekly headlines on GDPR (which stands for the European General Data Protection Regulation). At the Gartner IAM Summit this week in London, GDPR was certainly on everyone’s mind, but we were curious whether companies were simply talking about it, or if they had an action plan in place (there is, after all, barely a year before the GDPR takes effect on May 25, 2018).
Since we were surrounded by companies from across Europe, we surveyed 100 attendees and found that 80% see GDPR as a priority, but only 25% have an established plan in place. Fortunately, 75% recognize the importance of identity governance in helping them be GDPR-ready by the looming deadline.
This is a good sign. We have just over a year to assess our current situation, plan for and execute a strategy in preparation for GDPR compliance. Non-compliance will lead to hefty fines of up to 4 percent of the corporation’s annual revenue.
With the deadline looming and GDPR having significant teeth, the time to prepare is now. Fortunately, our conversations here at the Gartner show confirm that organizations are beginning to prioritize GDPR compliance, and are assigning people and budget to address it. We know compliance is additive to existing responsibilities, so we’ve broken down some of the key things you should do to prepare.
Find your data
The first step in GDPR compliance is finding all your data, and we mean all of it. One of the major tenets of the GDPR is being able to identify how and where organizations store customer data, and more importantly how they grant access to that data to employees, contractors and business partners.
Figure out where you’re at
Assess what you’re doing in your security strategy today. If you’re part of any industry that already requires compliance, you’re likely on the right track. Take stock of what you’re doing right in the context of the GDPR and what you’re not doing right. In this process also determine who can aid in your compliance efforts and get them up to speed on what will be changing.
Find your people
This is not a job solely for your IT department and its leaders. You need to include key decision makers in this process and ensure that they are not only aware of the things they need to be doing to comply with and enforce the regulations in their department, but can also help identify places where you need to adjust for compliance.
Build your toolkit
Adding more software or processes might seem counterintuitive when the process is already cumbersome, but not if you’re implementing the right tools. With the power of identity, employee awareness and the right procedures in place, you can ease into this new set of rules and adjust accordingly before the penalties begin.
Rally the troops and get to work. You may feel overwhelmed, but there is still time to get into shape. By creating an action plan now and getting the process started, you’re giving your business ample time to prepare.
Hopefully, at next year’s Gartner IAM Summit, we’ll begin hearing best practices from organizations who are GDPR compliant. In the meantime, if you’re part of the 75 percent who don’t have a GDPR plan in place yet, download our eBook, Get Your Organization Ready for GDPR, to learn more.