The EU’s General Data Protection Regulation (GDPR) has been called the largest change to data protections in a generation. It is causing major disruption to how companies manage customer data in — and outside of — the EU. Not only is the new legislation incredibly far reaching, it is also lengthy and complex. We’ve curated the top 10 GDPR frameworks to organize your efforts to comply with GDPR requirements.
Your first question – does this apply to me? If you are keeping personal data on European citizens (including emails), you are subject to these regulations. If you fail to comply by May 25, 2018, the penalties are up to €20m (or more for companies over €500m total revenue).
Do we have your attention? Good! Now, how do you begin familiarizing yourself with the regulations of the GDPR? Though there are many resources available, finding the right GDPR framework can be a challenge. In fact, a simple framework can be the most difficult to develop.
In last week’s post, we curated the Top 10 GDPR Guides. Here we take a different angle, compiling the top 10 GDPR frameworks to help guide your GDPR compliance efforts. Each provides a unique perspective on how to approach the GDPR. Perhaps a single framework will speak to you, or you will find that together, they provide an overarching perspective on how to navigate your path to GDPR compliance.
Framework #1: Four Key Ingredients of GDPR
This webinar, from security vendor RSA, contains a GDPR framework covering the four main elements of GDPR. Delve into each area (breach response, data governance, risk assessment and compliance management) to better understand the main components of GDPR compliance.
Framework #2 – GDPR Compliance Roadmap
Mailjet, a SaaS company providing an all-in-one email platform, has documented their roadmap to GDPR compliance. The spreadsheet below is a GDPR framework that shows a clear, replicable process tied to specific GDPR articles.
Framework #3 – 5 Phases to GDPR Readiness
IBM’s GDPR framework provides a general overview through 5 phases for GDPR compliance: assess, design, transform, operate and conform. The larger table below shows how these phases transfer into specific privacy and security activities.
Framework #4 – GDPR Timeline
This presentation from IT consulting firm Cognizant provides a GDPR framework with a clear definition of several key areas, including personal data and a typical GDPR compliance timeline. An additional visual (slide 20) is a second GDPR framework that breaks down areas critical to GDPR compliance: technology, data, process and people.
Framework #5 – How to Assemble the GDPR Road Map
This GDPR framework from consulting firm Copenhagen Compliance clearly delineates the roles of the controller, processor and data subject.
Framework #6 – GDPR Priority Areas
Resource Insights, creators of HR and recruiting dashboards, assembles the key facts and priority areas of the GDPR into a very simple GDPR framework. They define 8 core areas of focus that should be addressed in order to achieve GDPR compliance.
Framework #7 – Preparing for the GDPR in 12 Steps
This 12-step GDPR framework from the UK’s Information Commissioner’s Office provides an easy way to get started with GDPR compliance. It includes links to relevant sections of the GDPR itself, and other ICO guidance produced by the EU’s Article 29 Working Party.
Framework #8 – Gap Analysis
This GDPR framework from Data Management Review provides a no-nonsense summary of how to get started with GDPR compliance. A gap analysis shows potential roles and activities you may identity in your path towards GDPR compliance.
Framework #9 – Six Step Methodology
According to the French CNIL (National Commission of Computing and Freedoms), “the new ‘accountability’ logic under the GDPR must be translated into a change of organisational culture and should put in motion internal and external competences”. Their GDPR framework proposes six steps for GDPR readiness.
Framework #10 – GDPR Compliance Guide
This GDPR framework, from digital business and transformation news aggregator and consultancy i-Scoop, provides an overview of key terms. Find a wealth of resources regarding the General Data Protection Regulation, its impact and the steps to take in order to attain and demonstrate GDPR compliance.
Alpin is SaaS management, empowering organizations to monitor and control their SaaS ecosystems via a single dashboard. Illuminate your cloud application environment, including Shadow IT. Cut costs up to 30% and manage license renewals and compliance. Monitor activity. Improve security via app de-provisioning and blacklisting.
Because Alpin tracks all your SaaS vendors, it’s a natural fit with your GDPR compliance efforts. Alpin makes your GDPR preparation faster and cheaper, reducing spend by as much as one full time equivalent (FTE). Automating GDPR vendor assessments wth Alpin facilitates the sending, receiving, and scoring of vendor assessments.
- Sending – GDPR assessments can be sent to multiple recipients at the press of a button. Alpin will send reminder emails until the assessment has been completed.
- Receiving – Completed questionnaires will appear automatically in Alpin’s dashboard.
- Scoring – Based on the scoring criteria you establish in the assessment, Alpin will automatically calculate and display the scores for all vendors.