As we’ve explored in several of our previous blog posts, GDPR is a hot topic for companies of all sizes and industries, regardless of where they are geographically located. If an organization handles any of the information that will fall under GDPR when it applies in May 2018, including seemingly unimportant data such as IP addresses, then it is critical to start preparing now so the new regulation doesn’t catch you and your Information Security and IT teams off guard.
While we’ve explored many of the new requirements and the steps you need to take leading up to the big change, that still leaves the most important question of all: how? If you’re like most organizations, you’re wondering what tools are available to help you prepare for GDPR and what resources you can use to make sure you’ve checked all of the boxes.
If you process the personal data of individuals in the European Union (GDPR applies to people located in the EU, not only to EU citizens) and you’re trying to wrap your head around what exactly GDPR entails, then Whistic’s GDPR Readiness Assessment can help. We’ll show you how in this post.
How to Use Whistic to Understand GDPR Requirements
If you’ve been keeping up with the shifting requirements from the European Union, then you know that the Safe Harbor framework was invalidated in October 2015 and that its replacement, the EU-U.S. Privacy Shield (in force since August 2016), introduced new requirements for onward transfers and for privacy policies, among many other changes. Now, with GDPR, the rules have evolved yet again, and they are getting broader in scope and tighter in their obligations. Fortunately, Whistic’s GDPR Readiness Assessment can help you through the process of making sure your organization is fully prepared for the changes that take effect in May 2018.
- Step 1: Self Assessment
It’s hard to know where to start if you don’t know where your organization stands with GDPR preparedness. It’s also surprisingly hard to find reliable information on GDPR. Our self-assessment tool guides you through:
- An introduction to each of the main requirements discussed in the GDPR
- Over 140 in-depth questions to help you analyze your level of readiness and compliance with each requirement
- A process that will produce a report with a list of the “to dos” that your Compliance, Legal, Information Security and IT teams can utilize to help in your preparation for May 25th, 2018.
Reach out to us today if you’d like to utilize this GDPR readiness assessment and take the first step towards GDPR readiness.
- Step 2: Team Collaboration
It’s unlikely that new GDPR requirements will impact only one team in your organization. In fact, most organizations find that it takes a small army of contributors across the business to ensure that all aspects are checked off — from securing PII to locking down third party vendors to ensuring consent is in place. Throughout the self assessment, your team can easily assign questions, set due dates, track changes, and hold people accountable without leaving your chair so you can get answers from the people who have them.
- Step 3: The Report
Once the responses to the questions have been submitted by the respective team members, Whistic’s GDPR Readiness Assessment solution generates an illustrative report, based on your unique responses, including an analysis of where your team needs to focus in the weeks or months leading up to the changes. The report includes an executive summary that takes a high-level look at the GDPR requirements, the areas where you’ve indicated you are already compliant and can skip, and the areas where you are non-compliant and must work to resolve before May 2018. The report covers each of the GDPR articles that must be addressed, such as security, data integrity, and consent, and provides a breakdown of each area so you can assign it to the person or team best placed to make the changes needed to reach compliance.
- Step 4: Next Steps
While Whistic doesn’t provide consulting or legal services or guarantee that you’ll be ready for GDPR as a result of our tools, we do help you take that first step towards GDPR compliance. The next step that our customers take based on their initial interaction with us might include:
- Determining the business processes that will be impacted by GDPR
- Conducting a thorough analysis of the data flows within these business processes
- Conferring with internal or outside legal and privacy counsel to determine your level of readiness in each of these areas
- Setting up an ongoing review process to ensure that you are keeping up with the ever-changing GDPR landscape and with new guidance as it is released
- Step 5: And More!
Under GDPR, you must take appropriate technical and organizational measures to protect the security and privacy of data subjects, and you must perform due diligence on your third-party relationships (in particular the processors that handle personal data on your behalf) to determine their compliance with the regulation. Because third-party vendor security has to be managed continuously rather than once, you might want to consider Whistic’s comprehensive vendor security solution, which can not only help you protect your organization against third-party risk, but also automate much of the information gathering and vendor due diligence process so that you can focus on maturing your program.
Ready to Learn More?
Check out our resources below for more third party vendor best practices and insights on how your organization can effectively approach security assessments.
eBooks:
Why Third Party Security is Critically Important
Request a Live Demo with a Whistic Product Specialist