Your GDPR Journey, Step 2: Manage
March 7, 2018
The General Data Protection Regulation (GDPR) gives European citizens more say and control over how you capture and use a wide range of personal data about them. For example, they can ask that you share, correct, or delete their data, and you might have to address these requests within a certain number of days. That means you need a clear plan in place for how you manage your data.
Ask the right questions
Start by discovering what types of data you collect and store. After you’ve done that mapping, you need to put a data governance plan in place. This is where you define policies, roles, and responsibilities for who can access, manage, and use personal data.
Some questions to answer:
- How will you respond to all personal data requests?
- How will you classify data to make it easier to find and respond to personal data requests?
- What will your employees need to do differently here?
- How do you train employees to properly store and manage data?
- How can you be sure you’ve erased data everywhere when asked?
- Can you put any technology in place to automate some of this for you?
- What business units will be affected? What business processes might have to change?
- Have you documented your processes here?
- Do you have a way to regularly test that these processes are working?
Consider all data phases
As you’re working through your data governance policies, make sure to consider how you manage and use personal data at every stage. Examples:
- At rest
- In process
- In transit
Classify data thoughtfully
Last up, think through how you’ll classify personal data. This is where you organize and label your data to help ensure that employees handle it properly. This also helps make it easier to respond to personal data requests.
Here are some classifications to consider:
- Types: What type of data it is
- Sensitivity: How sensitive it is
- Context for use: When and how to use this data
- Ownership: Who owns the data
- Admins: Who has admin access
- Users: Who can see or edit it
Need help with the GDPR?
We at Binary Tree are doing our part to help our clients protect the privacy of their own customers. We can help you move to the Microsoft cloud, which Microsoft has committed will comply with GDPR by the deadline. By adopting Office 365 and Azure, you can:
- Find and catalog personal data in your systems
- Build a more secure environment
- Simplify how you manage and monitor personal data
- Use built-in tools and resources to meet reporting and assessment requirements
Source: Microsoft. Beginning your GDPR Journey. May 2017.