December 12, 2017 By Aubre Andrus 3 min read

The Gingerbread Man knew that May 25, 2018 was a big day: the day by which he had to achieve General Data Protection Regulation (GDPR) compliance. Organizations around the world — not just those in the European Union (EU) — needed to prepare.

Was it getting hot in here, or was it just the pressure that was heating up the room? Outside his office, the Chief Gingerbread Officer sign hung proudly, but inside it felt like an oven. He was burning up.

Don’t Run!

The Gingerbread Man’s first instinct was to run, run, as fast as he could. But he knew running away from problems wouldn’t end well for him — it would only lead to fines.

Instead of running away, he decided to get a running start. The Gingerbread Man sat down and began to assess his current data privacy structure as well as his company’s biggest risks as a prefabricated house manufacturer.

“What are you doing? A GDPR compliance assessment?” an old lady asked as she stepped into his office and peered over his shoulder. “Why waste your time? Just wait and see what happens to the others first. Come and grab a coffee with me instead.”

The Gingerbread Man considered her invitation. He could wait — but he was smarter than that. “Sorry, but it’s critical for me to assess where the organization is at,” he said as he picked up his laptop and left.

He saw an empty meeting room down the hall, but before he could grab it, an old man stepped in front of him. “I need this room to finish up our plan. We have to be GDPR-compliant by the end of May,” the Gingerbread Man said.

“Don’t worry about a plan!” the old man said. “Your assessment is enough. Why don’t you sit in on my meeting instead? You’ll get some quality face time with your employees!”

The Gingerbread Man considered for a second — but he was smarter than that. Without a plan, he’d have a hard time figuring out what activities he actually needed to do to achieve GDPR compliance.

“Sorry, but I’m too busy right now,” the Gingerbread Man said as he ran down the hall toward the cafeteria. He grabbed a table, popped open his laptop and began designing and developing a road map and implementation plan. A pig pulled up a chair next to him.

“That GDPR plan looks pretty good,” he said. “Looks like your work here is done. Why don’t you share this plate of vegetarian nachos with me?”

The Gingerbread Man glanced at the nachos. They smelled delicious — but he was smarter than that. He knew he had to keep moving forward, otherwise his efforts wouldn’t be worth it.

“Sorry, but I need to implement and execute these policies, processes and technologies. No time for lunch today,” he said with a wave. The Gingerbread Man quickly stepped outside and grabbed a seat on a bench away from everyone. He needed a quiet space to monitor the results of his efforts.

The Final Push for GDPR Compliance

It was a beautiful day outside and the Gingerbread Man was able to chip away at his goals, uninterrupted. But then he heard a bark. A dog playfully ran toward him.

“Come play with me,” the dog said as it dropped a ball at the Gingerbread Man’s feet. “Everything is running smoothly — you don’t need to babysit it. It’s such a nice day.”

The Gingerbread Man could feel the warm sun. He was tempted to stop — but he was smarter than that. He had to measure and document the program’s effectiveness. Otherwise, what was the point?

“Sorry, but I don’t have time to play today,” the Gingerbread Man said. He headed back to his office. It didn’t feel quite as hot anymore. It wouldn’t be long until his company was fully GDPR-compliant. But when he opened his laptop, something concerned him: a suspicious incident from someone named Fox.

Thanks to all of his hard work, the Gingerbread Man’s security controls were in place. Within hours, he responded to and managed the incident and prevented a more severe breach from occurring. The Fox wasn’t going to get him this time.

Staying On Track With Your GDPR Journey

Compliance isn’t always fun, but you must get a running start on security before the pressure builds. Stick to the path and don’t let distractions stop you from fully completing your GDPR compliance journey.


Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations. The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation. Learn more about IBM’s own GDPR readiness journey and our GDPR capabilities and offerings to support your compliance journey here.
