Fotolia

5 to-dos for your GDPR compliance checklist

It's never too late to fine-tune your GDPR strategy. Expert Anne Marie Smith suggests a current state analysis of your PII protections, drafting a data privacy policy and more.

The General Data Protection Regulation is a European Union act that requires organizations with data from any citizen of an EU country to have certain data privacy guards in place.

Privacy is not a new dimension of data management, nor is it only part of a GDPR compliance checklist. It is a major issue for any organization's risk management, since most organizations collect some forms of personal data that could be combined to identify an individual. Leaving that data accessible and open to threats and events of malicious usage, accidental disclosure or other challenges is a main reason for the creation of the GDPR.

The following steps may be useful for organizations to include on a GDPR compliance checklist:

  1. Perform a current state analysis of the people, processes and technology capabilities that collect, process and manage privacy and security controls for personally identifiable information (PII) of customers and employees. Include data sources and the metadata -- business and technical -- for each attribute.
  2. Draft a data privacy policy as part of your GDPR compliance checklist to ensure the enforcement of government-mandated and internal regulations, best practices, legal and ethical requirements, as well as the risk management plan for addressing issues that arise with PII. Ensure that the data privacy policy is part of the data management strategy and has been drafted in conjunction with the data governance program team and data security team.
    GDPR definitions of PII
    A GDPR compliance checklist needs to include protections for personally identifiable information.
  3. Understand the difference between a privacy and security classification and instruct business and technical data stewards accordingly for all PII. Then, implement these classifications appropriately and consistently.
  4. Implement the proper metadata management for data and train data governance professionals and business and technical data stewards in the organization's approach to metadata management. Glossaries, data dictionaries, etc., should note all PII and their classifications.
  5. Integrate data privacy and data security into all the data management efforts as part of your GDPR compliance checklist, including data quality, master and reference data management, data warehousing, and BI and analytics. PII data can travel far and wide!

Dig Deeper on Data governance