One of the most important ways to ensure compliance with the General Data Protection Regulation (GDPR) is appointing a data protection officer (DPO) who is responsible for monitoring and maintaining compliance. Beyond that, however, there are other policies and procedures to put into place to help ensure your organization stays in compliance.
Assign a Data Protection Officer
The first and most important thing you can do to monitor and maintain GDPR compliance is to designate a data protection officer (DPO) for your organization. Many organizations will be required to designate a DPO, as explained in Article 37 of the Regulation, but even if your organization chooses not to, the best line of defense against non-compliance may be to appoint one regardless.
The primary role of the DPO is to monitor GDPR compliance, so having a designated person to manage this responsibility will help ensure your organization is in compliance. Other DPO responsibilities include:
- Providing advice regarding data protection impact assessments
- Cooperating with and being the contact point for supervisory authorities
- Staff training, assigning responsibilities, and raising awareness
- Informing and advising processors, controllers, and employees
- Understanding the regulations and putting them into practice within the organization
Who makes a good DPO? Organizations benefit when the person in this position has a background in both technology and law, since they can then understand the technical aspects of the job as well as the regulations involved. However, a dual background is not required. What is crucial to the role, and is explicitly stated in the Regulation, is that there must not be a conflict of interest. Senior positions within an organization that can conflict with the DPO position include CEO, COO, CTO, IT Director, and Marketing Director. As noted by IT Governance, a DPO cannot be dismissed or penalized for performing the required tasks.
Examine/Update Current Data Privacy Practices
Once a DPO is in place, you can conduct a data protection impact assessment to determine how your current practices and policies stack up against what's required by the GDPR. To start, you can map what data is collected, where it comes from, where it is stored, what it is used for, who has access to it, and how you gather consent from data subjects (the people who can be identified by the information).
After you’ve created that map, you can examine it for non-compliance with GDPR measures and make changes to your data protection and privacy policies as necessary to achieve compliance.
Know How to Address Data Breaches
In the past, data breaches often went unreported and ignored, but that changes under the GDPR. One of the most important things your organization will become responsible for is monitoring and communicating data breaches. In fact, once a breach is discovered, you'll only have 72 hours to report it to the supervisory authorities and possibly to any data subjects involved.
Knowing what to look for and where to look for a data breach in progress can also be beneficial. In 6 warning signs of a data breach in progress, we examined common signs organizations need to be aware of, and those include:
- Critical File Changes
- Unusually Slow Internet/Devices
- Obvious Device Tampering
- Locked User Accounts
- Unusual Outbound Traffic
- Abnormal Admin User Activity
Create a Data Privacy Governance Structure
One way to ensure the completion of any regulatory compliance task is to dedicate resources and individuals to that task, and the same holds true when it comes to monitoring for GDPR compliance.
Organizations are responsible for protecting the personal data of EU citizens, and this means consistently monitoring for vulnerabilities, breaches, consent, and other issues that could lead to non-compliance. One way to maintain a constant and close watch on your data is by utilizing file integrity monitoring software. This type of software gives you more control over your data, tells you who’s accessing it, alerts you when changes are made, and makes it easier to stay GDPR compliant.
To learn more about GDPR compliance and how to stay compliant with file integrity monitoring software, download our solution brief for GDPR compliance today.
April 4, 2018