Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Edge Articles

01:00 PM
Terry Sweeney
Terry Sweeney
Edge Features
Connect Directly

5 Pieces of GDPR Advice for Teams Without Privacy Compliance Staff

Are you an army of one tasked with compliance and data privacy? Try these tips to get you and your organization in alignment with regulators.

Inventory Your Data

GDPR has exposed an uncomfortable truth about most organizations: They have no idea what their data consists of, not to mention how much of it actually qualifies as "personal data," according to Privacy Professor's Herold. By performing a data inventory, organizations can get a better handle on what they have, where it came from, where it's stored, and how it's shared with third parties.

Given the global monetary value of personal data, organizations should do some kind data-mapping exercise, regardless of whether they're subject to GDPR, IAPP's Tene says. Given data's value, Tene would like to see organizations account for it like they do with their cash.

"No one in their right mind would have $100 bills laying around and unaccounted for," he says. "Companies should know where their data resides and how it moves within and outside the organization."

And that leads to the second part of inventory: Those subject to GDPR must also review the contracts with outside service providers and vendors that touch the organization's data. That includes (but is not limited to) call centers, processors, and cloud service providers. Contracts may need to be revised so that external third parties are following the GDPR requirements as well, Tene says.

(Image: mmphoto/Adobe Stock)

(Continued on next page)

Terry Sweeney is a Los Angeles-based writer and editor who has covered technology, networking, and security for more than 20 years. He was part of the team that started Dark Reading and has been a contributor to The Washington Post, Crain's New York Business, Red Herring, ... View Full Bio

3 of 6

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Building Cybersecurity Strategies in Sub-Saharan Africa

Filmed for Dark Reading News Desk at Black Hat Virtual.

LAURA TICH: We have that imbalance, where the big organizations are more protected, where the smaller ones -- which are the most common businesses in the region -- they are least protected... Sometimes they do get the tools, they do get the funding to buy some critical tools, but there's a lack of skills to handle or people who understand how to work those tools. So there are a lot of factors that contribute to our growth -- or lack thereof -- in the cybersecurity industry.


Name That Toon: Tough Times, Tough Measures
Latest Comment: Wear a mask, please!
Flash Poll