As part of the TrustArc Privacy Insight Series Webinars, Paul Iagnocco, Consulting Director & Senior Privacy Consultant at TrustArc, presented “One Week to Go: Are you Ready for May 25th?” This blog post will give a brief summary of that webinar; you can listen to the entire webinar and download the slides here.
In this webinar Paul addressed the questions companies are facing as the May 25th GDPR deadline approaches: Is my company compliant? What if we are not 100% compliant? What happens next? This webinar focused on four main areas as they apply to the GDPR: compliance status, enforcement, ongoing risk management, and demonstrating compliance.
To start, with regard to compliance status, Paul reiterated the fact that privacy is not going away. The May 25th GDPR deadline is not about checking a “yes/no” box. Achieving compliance is an ongoing and evolving process. He covered useful solutions meant to address the GDPR, how companies have been preparing, and what’s left to do before the deadline hits.
With regard to GDPR enforcement, Paul broke down what DPAs are saying, their readiness for enforcement, and possible future enforcement actions. He also discussed how the European Data Protection Board will replace Working Party 29.
In the ongoing risk management portion of the webinar, Paul discussed the lifecycle of managing risk as companies strengthen their privacy programs and policies for GDPR compliance. This graphic shows a sample lifecycle:
Finally, demonstrating GDPR compliance should be a top priority. While there is no such thing as being “GDPR Certified” at the moment, companies can ready themselves for this future certification by independently validating their company’s GDPR efforts and status, which can be shared with both internal and external stakeholders.
A few general tips our speaker provided include:
- Education and training. The goal is to have a privacy-minded culture throughout the company. The importance of being GDPR compliant should cascade through each department of the business, regardless of whether they handle personal data.
- Leverage technology. Having the information and the ability to disseminate it efficiently and effectively will be critical to your company's sustainability.
- Article 25. This is the heart and soul of the GDPR. Companies should be incorporating privacy into every stage of production, whether it’s a new product or new policy.
TrustArc offers GDPR Implementation solutions and assistance at any stage of your GDPR program, such as building and testing a data breach incident response plan. To learn more, schedule a consultation today!