A Guide to Data Privacy in the Era of GDPR, Part II

When last we left you, you were staring into the jungle of data protection laws known as the GDPR and CCPA. The question at hand was where to begin.

Charting a path through unknown territory, especially with these laws’ high stakes, seems like a daunting task. By reading this far, you’ve developed a sense of what’s ahead, and understand that making these changes is not going to be a quick weekend effort. But without a map to guide you, you can’t see your way to success. That said, it’s impossible to craft a good one right out of the gate; you’ll build your map as you head toward complete compliance. It all depends on your organization’s current state.

As the title of this post suggests, knowledge is powerful. You’ll need to thoroughly understand your company’s systems and practices to complete the hard work ahead. That’s how you should frame this first part of your data protection work: a survey of the terrain, and a discovery of what you don’t know about the consumer data in your care, and the structures that support it.

Think of it as an audit, but with a focus on system security, access privileges, and data sharing. Start by examining everything. Involve your IT teams, your security managers, your data analysts and more. Get to know exactly how your company works, and then document it. Because that’s the map you actually need, and the foundation for the work we’ll talk about in our next post.

Stay tuned for part three of this blog, and SIGMA’s upcoming Insight on the subject.