Your GDPR Journey - Step 1: Discover

The General Data Protection Regulation (GDPR) defines personal data much more broadly than the data directive it replaces. If you’re like most organizations, you collect and store data about your customers across anywhere from email to spreadsheets or even chat conversations. So the first step in your journey is to discover what personal data your company has and where it lives.

Know if the GDPR applies to your data

The GDPR defines personal data as any data that helps identify a person. It covers a broad range of categories, anything from names to medical information to even social media posts. So the first step is to figure out what types of personal data your organization collects that might apply to the GDPR

Here are some of many examples to look for:

  • Name
  • Email address
  • Phone number
  • Social media posts
  • Pictures or video footage
  • Physical, physiological, or genetic information
  • Medical information
  • Location
  • Bank details
  • IP address
  • Cookies
  • Cultural identity
  • ID number for driver’s license or passport

Build an inventory

Next, you should map out everywhere you collect and store this data. As examples, organizations often collect personal data in these ways:

  • Web, mobile, and eCommerce
  • Customer databases
  • Feedback forms
  • Photos and CCTV footage
  • Loyalty program regards

Here some common places to look:

  • Emails and chats
  • Documents
  • Databases
  • Removable media
  • Metadata
  • Log files
  • Backups

Various products across the Microsoft platform can help with this, as they offer data catalogs, report wizards, and advanced search capabilities. 

Need help with the GDPR?

We at Binary Tree are doing our part to help our clients protect the privacy of their own customers. We can help you move to Office 365, which Microsoft has committed will comply with GDPR by the deadline. By adopting Office 365, you can:

  • Find and catalog the personal data in your systems
  • Build a more secure environment
  • Simplify how you manage and monitor personal data
  • Give you tools and resources to meet reporting and assessment requirements