GDPR is more than just information security, data governance or training employees.
It is complex and far-reaching legislation, comprising many components that touch organizations
in numerous ways and at all levels.
At the same time, GDPR is just the latest in the ever-increasing number of regulations which needs a strong Information Governance
program and technical framework to succeed. A comprehensive approach is required, taking
all of its aspects into consideration.
The assessment we developed can be a great help with that, whether your company has already begun tackling GDPR or is preparing
its first moves. The assessment begins with determining the main GDPR stakeholders in your
organization per key area of attention. This is done together with the person responsible
for data privacy in your organization (you may even already have a special data privacy officer
in place). These stakeholders might be: representatives of the HR department, for communication,
training and personnel data; of the marketing department, for protecting your brand and your
customer data; and of the IT department, for security issues. Interviews and workshops will
be planned with all these people.