
Even if you don’t need to hire a DPO, I suggest you create a data governance committee

Posted: Wed Jan 22, 2025 8:12 am
by metoc15411
Additionally, if you think that in the future, as your company grows or expands internationally, you will need to consider GDPR compliance, you will already have a cross-team team in place that is familiar with compliance laws.

I've written a more detailed article on data governance, so head over there for more tips on how to build your committee.

2. Restrict access to data to specific employees and roles.

In an ideal world, employees would always handle data according to best practices. But that’s not the world we live in. While you should make every effort to educate employees on these best practices, it’s also a good idea to limit access to sensitive data to only those employees who absolutely need it.

Installing identity management software can help you restrict access to databases or specific sets of data within a database.

3. Find out what data you have

This may seem like the simplest part of this process, but according to a Veritas survey, more than half of the data organizations store is “dark” data… meaning they have no idea what it contains, even if they know they’re holding on to it in the first place.

My colleague Tyrena Dingeldein has a great explanation of how dark data and "databases" are bad for business, as well as some detailed tips on how to find and mine it.

Look at data mining software to understand what data is hiding in the shadows, and talk to your IT department about possible locations of dark data.

4. Create a backup copy of your data.

The GDPR ensures that EU citizens have the right to request access to their data, as well as to have a company transfer ownership or delete their data. For this reason, it is vital to back up your data to ensure it is on file if or when your EU customers request it.

I've written about some great options for small business data backup here, so I suggest checking that out. Bottom line, you should invest in business continuity software to ensure your data is always backed up and available.

Discuss best practices for backup scheduling and backup storage with your IT department, as every company's needs will be different.

Cybersecurity
Another way your IT team can help you prepare for GDPR is through cybersecurity.

No company wants to get hacked, but it happens. In fact, it happens successfully twice a week, and that's not counting the thousands of attempts your security team thwarts.

Under the GDPR, companies are required to report data breaches involving personal data directly to those affected within 72 hours of discovery or face large fines.

The requirement to communicate directly with data breach victims, coupled with such serious consequences for failing to report them, offers hope that some rapid and dramatic innovation in cybersecurity will occur.

Even if you're not legally required to comply with GDPR, you need to act fast when it comes to beefing up your IT security staff. The job market has already become ridiculously competitive.

In the meantime, make sure your organization is using some kind of cybersecurity or network security solution to protect your data from hackers and attackers.

Re: Even if you don’t need to hire a DPO, I suggest you create a data governance committee

Posted: Fri Apr 25, 2025 1:48 am
by yadaysrdone