Lesson 3 of 7
What is the GDPR not?
- Not Optional - Any organization operating inside of the EU must adhere to the GDPR, as well as any organizations outside of the EU that provide goods or services to consumers or businesses within the EU.
- Not Fast & Easy - Complying with the GDPR requires many months of preparation and involves a considerable company-wide effort.
- Not One Employee/Department - While it would be easy to simply assign compliance to an individual or a department, it is imperative to understand that the GDPR requires the participation of the entire organization.
- Not a Guarantee of Security - As with any regulation, compliance is not synonymous with being 100% secure. Even in companies with the highest level of compliance, data breaches can and do happen. With this in mind, we still strongly suggest that you use this compliance process to prepare your company so that you prevent the most common breaches, sanity-check how you manage sensitive data for your company as well as your customers, and mitigate the damage and cost of any breaches that may happen.
- Not a One-Time Effort - The GDPR requires ongoing maintenance. Many of the controls, depending upon the risk they mitigate, require testing at regular intervals. When new business lines, technologies or platform capabilities are introduced, they may require security review, changes to controls and testing procedures, and additional work to maintain compliance.
- Not the End-All-Be-All - The GDPR specifically impacts organizations that deal with personal data connected to EU citizens, but businesses must make sure that they are also compliant in their own local territories (and the other regions in which they operate). Given the global nature of modern corporations, this may mean having to ensure compliance with a number of regional regulations.