The Gingerbread Man knew that May 25, 2018 was a big day: the day by which he had to achieve General Data Protection Regulation (GDPR) compliance. Organizations around the world — not just those in the European Union (EU) — needed to prepare.

Was it getting hot in here, or was it just the pressure that was heating up the room? Outside his office, the Chief Gingerbread Officer sign hung proudly, but inside it felt like an oven. He was burning up.

Don’t Run!

The Gingerbread Man’s first instinct was to run, run, as fast as he could. But he knew running away from problems wouldn’t end well for him — it would only lead to fines.

Instead of running away, he decided to get a running start. The Gingerbread Man sat down and began to assess his current data privacy structure as well as his company’s biggest risks as a prefabricated house manufacturer.

“What are you doing? A GDPR compliance assessment?” an old lady asked as she stepped into his office and peered over his shoulder. “Why waste your time? Just wait and see what happens to the others first. Come and grab a coffee with me instead.”

The Gingerbread Man considered her invitation. He could wait — but he was smarter than that. “Sorry, but it’s critical for me to assess where the organization is at,” he said as he picked up his laptop and left.

He saw an empty meeting room down the hall, but before he could grab it, an old man stepped in front of him. “I need this room to finish up our plan. We have to be GDPR-compliant by the end of May,” the Gingerbread Man said.

“Don’t worry about a plan!” the old man said. “Your assessment is enough. Why don’t you sit in on my meeting instead? You’ll get some quality face time with your employees!”

The Gingerbread Man considered for a second — but he was smarter than that. Without a plan, he’d have a hard time figuring out what activities he actually needed to do to achieve GDPR compliance.

“Sorry, but I’m too busy right now,” the Gingerbread Man said as he ran down the hall toward the cafeteria. He grabbed a table, popped open his laptop and began designing and developing a road map and implementation plan. A pig pulled up a chair next to him.

“That GDPR plan looks pretty good,” he said. “Looks like your work here is done. Why don’t you share this plate of vegetarian nachos with me?”

The Gingerbread Man glanced at the nachos. They smelled delicious — but he was smarter than that. He knew he had to keep moving forward, otherwise his efforts wouldn’t be worth it.

“Sorry, but I need to implement and execute these policies, processes and technologies. No time for lunch today,” he said with a wave. The Gingerbread Man quickly stepped outside and grabbed a seat on a bench away from everyone. He needed a quiet space to monitor the results of his efforts.

The Final Push for GDPR Compliance

It was a beautiful day outside and the Gingerbread Man was able to chip away at his goals, uninterrupted. But then he heard a bark. A dog playfully ran toward him.

“Come play with me,” the dog said as it dropped a ball at the Gingerbread Man’s feet. “Everything is running smoothly — you don’t need to babysit it. It’s such a nice day.”

The Gingerbread Man could feel the warm sun. He was tempted to stop — but he was smarter than that. He had to measure and document the program’s effectiveness. Otherwise, what was the point?

“Sorry, but I don’t have time to play today,” the Gingerbread Man said. He headed back to his office. It didn’t feel quite as hot anymore. It wouldn’t be long until his company was fully GDPR-compliant. But when he opened his laptop, something concerned him: a suspicious incident from someone named Fox.

Thanks to all of his hard work, the Gingerbread Man’s security controls were in place. Within hours, he responded to and managed the incident and prevented a more severe breach from occurring. The Fox wasn’t going to get him this time.

Staying On Track With Your GDPR Journey

Compliance isn’t always fun, but you must get a running start on security before the pressure builds. Stick to the path and don’t let distractions stop you from fully completing your GDPR compliance journey.

Watch the webinar: Get GDPR-Ready — Because Data Protection Is About to Get Personal

Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations. The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation. Learn more about IBM’s own GDPR readiness journey and our GDPR capabilities and offerings to support your compliance journey here.

More from Data Protection

The Importance of Modern-Day Data Security Platforms

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

Meeting Today’s Complex Data Privacy Challenges

Pop quiz: Who is responsible for compliance and data privacy in an organization? Is it a) the security department, b) the IT department, c) the legal department, d) the compliance group or e) all of the above? If you answered "all of the above," you are well-versed in the complex world of compliance and data privacy! While compliance is a complex topic, the patchwork of regulations imposed by countries, regions, states and industries further compounds it. This complexity has turned…

The Digital World is Changing Fast: Data Discovery Can Help

The rise in digital technology is creating opportunities for individuals and organizations to achieve unprecedented success. It’s also creating new challenges, particularly in protecting sensitive personal and financial information. Personally identifiable information (PII) is trivial to manage. It’s often spread across multiple locations and formats and can be challenging to find and classify. Organizations need a modern data discovery and classification solution to identify sensitive data across physical, virtual and public clouds. The Current State of Sensitive Data Discovery and…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…