Light Dark
February 5, 2018 By Adam Nelson 3 min read
Data Protection

At last, it’s time to flip the switch.

In our three most recent blog posts in this series, we’ve been leading up to this moment, discussing everything from assessing your current GDPR readiness situation and designing your approach to transforming your organization’s practices. And now we’re ready to talk about the Operationalize phase of the IBM Security GDPR framework.

Operationalizing Your GDPR Readiness Plan

If the prospect of putting all the gears in motion makes you a little apprehensive, you can rest assured you’re not alone. So take a few moments to think about everything you’ve accomplished up to this point in your GDPR readiness journey, and it’s likely you’ll realize that this is simply the next logical step in the process.

That said, I’d like to offer some suggestions to help make the transition go as smoothly and successfully as possible.

Communicate

It may sound obvious, but you really do need to let everyone know what’s changing — and why. Try to keep your explanation as simple and straightforward as possible. And remind everyone that while you’ve tested and refined the processes and procedures as much as possible, there may still be a few glitches along the way. So let them know that their patience will be much appreciated.

Monitor

Have a plan in place for keeping track of how everything is going. It’s one of the best ways to keep small problems from becoming big ones.

Adjust

One obvious result of your monitoring is that you may need to change things here and there. But because you likely have already tested most of your new systems, processes and procedures (and you have been doing that, right?), we’re really talking about making fairly small adjustments here — and not significant changes.

Measure

It shouldn’t come as a surprise to learn that you’re going to need to track your GDPR program’s performance — and measure its success. Decide what you need to measure and then make sure you’re getting reliable (and verifiable) data. For example, you’ll probably want to track the number of:

  • Data protection officers you have in place;
  • People you’ve trained;
  • Data transfers you’ve completed;
  • Data subject access requests you’ve received and fulfilled; and
  • Breaches or incidents you’ve experienced (if any).

Having ready access to that information could be very helpful if regulators come knocking at your door. And one more thing: Remember to check in with your executive team to make sure they’re getting the metrics they need as well.

Manage

Whether you’re dealing with 1,000 data subjects or hundreds of thousands, we recommend creating a privacy management office to manage data governance and overall data use. Ideally, you should consider having a system in place for creating and tracking “unique person identifiers” that provide a single point of focus for any one of your data subjects. This can be managed by the privacy team, IT or a separate data protection team.

Accept Reality

What are the odds that the regulators will show up at your door? That’s an impossible question to answer. But I can venture an educated guess that many organizations won’t be fully GDPR-ready by May 25. Still, it makes sense to strive for as much readiness as you can muster.

One More Stop to Go on Your GDPR Readiness Journey

And remember that your GDPR journey doesn’t end here. The fifth and final phase of the IBM Security GDPR framework focuses on conforming, which includes effectively managing your controller/processor relationships and demonstrating that you’ve implemented technical and organizational measures to ensure that appropriate security controls are in place. We’ll be discussing those topics next.

In the meantime, learn more about how IBM can help you navigate your journey to GDPR readiness with privacy and security solutions here and within a broader perspective at ibm.com/gdpr.

ASSESS THE PROGRESS OF YOUR GDPR JOURNEY WITH YOUR PERSONALIZED GUIDE TO GDPR READINESS

Notice: Clients are responsible for ensuring their own compliance with various laws and regulations, including GDPR. IBM does not provide legal advice and does not represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation. Learn more about IBM’s own GDPR readiness journey and our GDPR capabilities and offerings to support your compliance journey here.

 |  |  |  |  | 
Adam Nelson
Associate Partner, IBM Security Services

More from Data Protection
March 27, 2024

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

March 12, 2024

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

March 5, 2024

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature