• Data: look at the entire life cycle management of personal data. This includes: steps to discover and assess what personal data you have within your organization; ensuring the quality and integrity of that data; defining how you are using the data; and, how you can better interact with individual customers, clients or third parties in relation to their data. The process should involve not only the appropriate use of personal data, but also consent, choice, access, rectification and erasure of such data.

• Privacy: assess your current data privacy practices and determine what changes are required to prepare for the GDPR. Classify systems, identify potential risks and implement a privacy-by-design approach to IT systems management. The process should involve not only the protection of fundamental privacy rights, but also the security and confidentially of personal data.

• Protection: put in place strong technical and organizational measures (TOM’s) around cybersecurity, encryption, access controls and monitoring, incident breach monitoring and management. If you use cloud computing services, use those that support global data privacy standards and country-specific privacy laws about cross-border data transfer and processing.

• Governance: determine how to quickly and securely classify, manage and deliver data to only users who have a genuine and justifiable need. Ensure end-to-end traceability of personal data across the organization and lifecycle of the data and ensure effective risk assessment and management of third-parties involved in handling personal data.

• People, Processes and Communications: train employees about GDPR requirements, because they will need to understand not only the risks, but also the potential impact—financial and reputational— from improper use of data. Look at current business processes, which include HR, CRM and others that are heavily dependent upon personal data, and determine how you can successfully manage the changes required by the GDPR.

While GDPR can be considered another regulatory burden for organizations, compliance can help to accelerate digital transformation by introducing more efficient and integrated data analysis.

Overall, developing trust-driven relationships, investing in sustainable and governed data assets, ensuring data privacy and security, are fundamental to creating a company-wide culture of data responsibility— which we believe is the cornerstone of every good business