GDPR: 10 rules to achieve and maintain compliance


The imminent entry into force of the European legislation on the management and protection of personal data requires companies to:

  • identify the organizational areas affected by the new legislation;
  • verify their governance rules;
  • identify the level of data security in the different business processes;
  • intervene, where necessary, with organizational changes or new technological solutions adequate to the identified risk.

Starting from international best practices, here is WHAT TO DO to achieve and maintain compliance:

1. Identification of the nature of the data processed, and of the scope, context and purpose of the processing;
2. Analysis of the corporate organizational model;
3. Identification of the processing activities performed and of those to be implemented (new business);
4. Census of assets in paper and in digital format;
5. As-is assessment of the privacy system against Legislative Decree 196/03;
6. Data inventory, discovery and classification;
7. Risk assessment;
8. Identification of the compliance level;
9. Definition of the action plan;
10. Adoption of organizational and technological measures to ensure a level of security adequate to the risk.


For a closer look at HOW TO DO it, download HERE the in-depth document on the assessment and the action plan.