GDPR: 10 rules to achieve and maintain compliance
The imminent entry into force of the European legislation on the management and protection of personal data requires companies to:
- identify the organizational areas affected by the new legislation;
- verify their governance rules;
- identify the level of data security in the different business processes;
- intervene, where necessary, with organizational changes or new technological solutions adequate to the identified risk.
Starting with the International Best Practices, here is WHAT TO DO to achieve and maintain compliance:
1. Identification of the nature of the processed data, and of the scope, context and purpose of the processing;
2. Analysis of the corporate organizational model;
3. Identification of the processing activities already performed and of those to be implemented (new business);
4. Census of assets in paper and in digital format;
5. As-is assessment of the existing privacy framework against Legislative Decree 196/03;
6. Data inventory, discovery and classification;
7. Risk assessment;
8. Identification of compliance level;
9. Definition of action plan;
10. Adoption of organizational and technological measures to ensure a level of security appropriate to the identified risk.
For a closer look at HOW TO DO it, download the in-depth document on the assessment and action plan.