GDPR Compliance
- Underestimating The Scope of The GDPR Regulation
Understanding the GDPR is most important aspect of GDPR compliance. GDPR is not merely an enhancement to existing regulations. Organisations felt that complying with the new provisions of GDPR especially with the business and IT implementation of data-subject rights would be onerous for their organization and were doubtful they would reach full compliance by May 2018
- GDPR Requirements Interpretation Uncertainity
The GDPR sets out a number of principles that organizations should observe in processing personal data, but most companies have yet to decide how to put these principles into practice. Although the GDPR provides guidance on what might constitute a lawful basis such as to carry out a contract, to comply with a legal obligation, or to serve the legitimate interest of the data controller or a third party that guidance leaves a great deal of room for interpretation.
- Identification Of Additional Security Measures To Implement GDPR
As the GDPR uses similar language to the current directive, many organizations are relying on their existing security measures, including protocols for particular customer segments, for compliance. GDPR calls for a structured approach to defining data risk and the measures necessary for mitigation e.g. Pseudonymization , anonymization, encryption, deletion and so on.
- Build And Maintain A Comprehensive Inventory Of Personal Data
Building and maintaining a comprehensive inventory of personal data is majorly rely initially on manual methods, typically using an internal survey to identify relevant data-processing activities within their organization. Such an approach is unlikely to be adequate to the task of keeping the inventory current and readily available to the regulator on demand. Sustainable processes and tools for maintaining detailed records have proved elusive so far for many organizations.
- Organisations Lack Of Capabilities To Fulfill Their Obligations
Organisations are struggling to identify and develop the capabilities they will need to execute data subjects’ rights in a timely manner. Building IT capabilities to fulfil these requirements may require orgnisations to consolidate data from disparate systems, create new authentication methods, and introduce external application programming interfaces.
© 2018. All Rights Reserved | Designed By Cetreno Infotech Pvt Ltd.