It has been two months since my last blog on GDPR (read it here) and the noise levels on GDPR in the press are at ear-bleeding levels. I have sat on many vendor and analyst webinars, read article after article on the subject and absorbed as many of the vendor whitepapers as possible. The one thing I will say is that there is no shortage of information out there on the subject. There is, however, something that still surprises me, and that is that many of the organisations I have spoken to over the last two months are either in the 'What is GDPR?' phase or the 'We're not sure where to start?' phase.
It is no surprise then that Gartner has stated that by the end of 2018, over 50% of organisations will not be compliant with the regulation. This is also backed up by a recent IDC survey of 560 organisations on GDPR readiness:
So let's take a look at where you should be by now. Of course, you will have listened to our GDPR podcast (listen here if not!) and reviewed the ICO guide '12 Steps to Prepare for GDPR' (read it here). Hopefully you will have also designated someone within your organisation to review the requirements and, if needed, appointed a DPO (Data Protection Officer). Finally, you should have also gone through a high-level review of how you manage your data and the types of data you are storing.
Now at this point, hopefully some of you reading this will be thinking: 'Okay, I've done that, but what's next?' For most organisations the next step is to conduct a more in-depth analysis of their processes and systems, and map this against the ICO's '12 Steps' to ultimately create a gap analysis. A gap analysis is the simplest way of understanding what is going to be required for compliance with the new regulation and the areas that your organisation will need to focus on first. By conducting a gap analysis, you will avoid spending time on areas that are already compliant and ensure future investment is in place in the areas needed to meet the goals set out by the ICO. With regard to the gap analysis Esteem provides, there are five stages that we take our customers through. These are:
The good news is that for some organisations, the gap analysis will require very little effort, especially in those organisations where they have a mature model for data handling and strong data protection regulations in place. For those that don't have the processes in place, this could be a program that runs right through to next year's deadline of 25th May.