December 12, 2017 By Aubre Andrus 3 min read

The Gingerbread Man knew that May 25, 2018 was a big day: the day by which he had to achieve General Data Protection Regulation (GDPR) compliance. Organizations around the world — not just those in the European Union (EU) — needed to prepare.

Was it getting hot in here, or was it just the pressure that was heating up the room? Outside his office, the Chief Gingerbread Officer sign hung proudly, but inside it felt like an oven. He was burning up.

Don’t Run!

The Gingerbread Man’s first instinct was to run, run, as fast as he could. But he knew running away from problems wouldn’t end well for him — it would only lead to fines.

Instead of running away, he decided to get a running start. The Gingerbread Man sat down and began to assess his current data privacy structure as well as his company’s biggest risks as a prefabricated house manufacturer.

“What are you doing? A GDPR compliance assessment?” an old lady asked as she stepped into his office and peered over his shoulder. “Why waste your time? Just wait and see what happens to the others first. Come and grab a coffee with me instead.”

The Gingerbread Man considered her invitation. He could wait — but he was smarter than that. “Sorry, but it’s critical for me to assess where the organization is at,” he said as he picked up his laptop and left.

He saw an empty meeting room down the hall, but before he could grab it, an old man stepped in front of him. “I need this room to finish up our plan. We have to be GDPR-compliant by the end of May,” the Gingerbread Man said.

“Don’t worry about a plan!” the old man said. “Your assessment is enough. Why don’t you sit in on my meeting instead? You’ll get some quality face time with your employees!”

The Gingerbread Man considered for a second — but he was smarter than that. Without a plan, he’d have a hard time figuring out what activities he actually needed to do to achieve GDPR compliance.

“Sorry, but I’m too busy right now,” the Gingerbread Man said as he ran down the hall toward the cafeteria. He grabbed a table, popped open his laptop and began designing and developing a road map and implementation plan. A pig pulled up a chair next to him.

“That GDPR plan looks pretty good,” he said. “Looks like your work here is done. Why don’t you share this plate of vegetarian nachos with me?”

The Gingerbread Man glanced at the nachos. They smelled delicious — but he was smarter than that. He knew he had to keep moving forward, otherwise his efforts wouldn’t be worth it.

“Sorry, but I need to implement and execute these policies, processes and technologies. No time for lunch today,” he said with a wave. The Gingerbread Man quickly stepped outside and grabbed a seat on a bench away from everyone. He needed a quiet space to monitor the results of his efforts.

The Final Push for GDPR Compliance

It was a beautiful day outside and the Gingerbread Man was able to chip away at his goals, uninterrupted. But then he heard a bark. A dog playfully ran toward him.

“Come play with me,” the dog said as it dropped a ball at the Gingerbread Man’s feet. “Everything is running smoothly — you don’t need to babysit it. It’s such a nice day.”

The Gingerbread Man could feel the warm sun. He was tempted to stop — but he was smarter than that. He had to measure and document the program’s effectiveness. Otherwise, what was the point?

“Sorry, but I don’t have time to play today,” the Gingerbread Man said. He headed back to his office. It didn’t feel quite as hot anymore. It wouldn’t be long until his company was fully GDPR-compliant. But when he opened his laptop, something concerned him: a suspicious incident from someone named Fox.

Thanks to all of his hard work, the Gingerbread Man’s security controls were in place. Within hours, he responded to and managed the incident and prevented a more severe breach from occurring. The Fox wasn’t going to get him this time.

Staying On Track With Your GDPR Journey

Compliance isn’t always fun, but you must get a running start on security before the pressure builds. Stick to the path and don’t let distractions stop you from fully completing your GDPR compliance journey.

Watch the webinar: Get GDPR-Ready — Because Data Protection Is About to Get Personal

Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations. The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation. Learn more about IBM’s own GDPR readiness journey and our GDPR capabilities and offerings to support your compliance journey here.
