Get used to collecting data in a way people can understand.
... and get ready to re-format or throw out what you currently have.
Data storage lifecycles must be declared under GDPR, and customers will be able to ask to see what data you hold on them, and to ask for it to be moved somewhere else at any time. [1]
Know where your customers' data is kept
... what it is, and whose it is
If you don’t, you’re already in violation. And since you’ll be expected to prove consent on demand, that might cost you. [2]
This means that a full assessment of your data storage will be essential before May 25th 2018, with continued assessment or monitoring thereafter.
You should pay particular attention to your cloud storage and software solutions, as these could be more vulnerable to breach and may be harder to make compliant.
Practice asking awkward questions
According to IDG, 62% of survey respondents think that securing compliance with GDPR is IT’s job. [3] That means your first awkward question should be about responsibilities.
If building architecture and onboarding solutions isn’t explicitly assigned to someone, it’s likely you’ll take the blame later if the company is sanctioned.
External sources
Thank you to all of the external sources below for helping to put this research together.
1. GDPR Article 20
2. GDPR Article 7
3. IDG Connect, "Mixed state of readiness for new cyber security regulations in Europe"