#AmericanCSM #privacy #GDPR #gap analysis #competitive advantage
GDPR is about responsible data practices not just ensuring you can check the right boxes. With about four months before the May deadline, a lot of companies are seriously behind with their GDPR implementation. So instead of worrying about it, what steps can you take today that will move your company forward?
It really is very simple, you must start to develop a culture that is concerned about how you treat other people’s data. Just do the right thing. It starts with a commitment from the executive team. They must be transparent and accountable for their actions. Doing the right thing with other people’s data might also be part of purchasing criteria for consumers – hopefully, it will become the social norm. It can become a competitive advantage as you build trust with your clients, vendors, and suppliers.
To do this, one thing you can do is tell your story. You need to be able to articulate what your company is doing to change how it deals with other people’s data. Here are some good examples of how some companies are making changes:
- We used to collect erroneous data and now we only collect fifteen (15) pieces of data to help us make a hiring decision.
- We never used to delete client data and now after a contract ends, we properly notify the client and delete the data 90 days after final payment.
- We did a full audit of our data and were able to consolidate all personally identifiable and sensitive data into just two systems. We are working towards an integration that will give individuals seamless, simultaneous access to both systems but right now it is a manual process to look that data up in both systems.
- We do regular security training with our employees. This ensures that they can protect the data that we collect.
This is huge progress. So, what is your story? Where is your company on the journey to responsible data management? Here are some suggestions that you can do right now:
- Understand your data. Know its purpose to your business, know where it is coming from, where it is going, and all the stops it makes along the way.
- Perform a gap analysis. You can’t fix something you don’t understand.
- Prioritize and create a plan for how you will implement a comprehensive privacy program and make it realistic.
It might seem overwhelming but don’t make bad short-term decisions. Remember May isn’t the destination, it is just another date on the calendar. What really matters is the change in attitude over how other people’s data is handled and understanding that you have a responsibility to ensure its safekeeping.
Need help realizing the benefits of a GDPR gap analysis or creating an action-oriented plan, please contact us at American Cyber Security Management today.
*American Cyber Security Management (AmericanCSM.com) is focused on reducing your risk of data misuse. We do this through our Security, Privacy and DevOps offerings, delivered by