This is arguably the most important element in achieving GDPR compliance. No organisation can do everything independently. Even software vendors must engage with outside agencies on this one.
We’re going to discuss ‘the right people’ in two categories: internal and external. If ever there was an all-hands requirement in a project, this is it.
Because GDPR is a compliance regulation, it’s far too easy to fall into the trap of believing this is simply a job for the InfoSec team, assisted by the IT guys (isn’t everything?). Yes, they are the most likely leaders of this project, but many other internal stakeholders must be included. Let’s look again at some basic requirements of GDPR and align them to generic business roles and departments.
We’ll do this in table format to keep things digestible:
Element | Description | Impacted
---|---|---
Data Capture – Consent | Most organisations don’t have this, so a new process must be designed and implemented |
Data Capture – Recording | The flow of data from receipt through to storage must be documented, transparent and fully auditable |
Data Processing – DSAR | Be able to respond to Data Subject Access Requests (DSARs) |
Data Processing – Retrieval / Deletion | The right to be forgotten, and the necessity to provide data in a format suitable for transport (data portability) |
Privacy by Design | Ensuring data is secure | Arguably everyone in the organisation

*InfoSec & IT left out as they are a given
I’m not for one second suggesting this is an exhaustive list, that it’s 100% accurate, or that it applies to every organisation. It’s intended to demonstrate that for each element of end-to-end data processing, multiple parts of the organisation are involved at every step of the way.
There are three things to remember, and these are often the topic of conversation among cyber security specialists:
Our recommendations are to engage these people and organisations:
Who | Why
---|---
GDPR-Focused Cyber Security Experts | Experience is everything. You must engage consultants who have delivered successful Data Protection assessments and solutions. These consultants will understand the GDPR and appreciate what is required to meet its various elements.
Legal Specialists | If you have no internal legal team, you must engage a legal firm au fait with Data Protection and the possible repercussions of GDPR (there are, as yet, no test cases).
Vendors | No GDPR project will be possible, especially at scale, without deploying appropriate technologies.*
Service Delivery / Service Integrator / SOC / Managed Service | An organisation that can bring the above together: one that has not just the skills, but the capability and resources to deliver on time, and the program and project management to deal with internal and external stakeholders.

*not exhaustive
Some organisations will employ people to cover the above requirements in-house, but most won’t have the capacity or the funds to do so.
Contact your local STEALTHbits Technologies representative and they can put you in touch with recognized experts in each of the above categories.
At STEALTHbits we pride ourselves on being open and honest about where our solutions align with the GDPR articles and where we hand off to our comprehensive partner network.
The fourth blog in the series will discuss why STEALTHbits is a logical option for any GDPR project and run through the specific articles we address: ‘5 Essential Steps to GDPR Compliance. Part 4: Why STEALTHbits?’
Mark Wilson is a Director of Product Management at STEALTHbits Technologies.
He is the lead pre-sales consultant in the EMEA region and a key member of the global Product Marketing team.
Mark has 18 years’ experience working in virtually all technical support and consulting roles across both the public and private sectors in the UK, EMEA and globally.
Areas of specialism include compliance, data governance, IAM, migrations and consolidations.
© 2022 Stealthbits Technologies, Inc.