Top 10 GDPR Frameworks

2018 01 16 Top10GDPRFrameBlogImage

The EU’s General Data Protection Regulation (GDPR) has been called the largest change to data protections in a generation. It is causing major disruption to how companies manage customer data in — and outside of — the EU. Not only is the new legislation incredibly far reaching, it is also lengthy and complex. We’ve curated the top 10 GDPR frameworks to organize your efforts to comply with GDPR requirements.

Your first question – does this apply to me? If you are keeping personal data on European citizens (including emails), you are subject to these regulations. If you fail to comply by May 25, 2018, the penalties are up to €20m (or more for companies over €500m total revenue).

Do we have your attention? Good! Now, how do you begin familiarizing yourself with the regulations of the GDPR? Though there are many resources available, finding the right GDPR framework can be a challenge. In fact, a simple framework can be the most difficult to develop.

In last week’s post, we curated the Top 10 GDPR Guides. Here we take a different angle, compiling the top 10 GDPR frameworks to help guide your GDPR compliance efforts. Each provides a unique perspective on how to approach the GDPR. Perhaps a single framework will speak to you, or you will find that together, they provide an overarching perspective on how to navigate your path to GDPR compliance.

This webinar, from security vendor RSA, contains a GDPR framework covering the four main elements of GDPR. Delve into each area (breach response, data governance, risk assessment and compliance management) to better understand the main components of GDPR compliance.

framework1 RSA2

Framework #2 – GDPR Compliance Roadmap

Mailjet, a SaaS company providing an all-in-one email platform, has documented their roadmap to GDPR compliance. The spreadsheet below is a GDPR framework that shows a clear, replicable process tied to specific GDPR articles.

framework2 Medium 1

IBM’s GDPR framework provides a general overview through 5 phases for GDPR compliance: assess, design, transform, operate and conform. The larger table below shows how these phases transfer into specific privacy and security activities.

framework3 IBM3
Screen Shot 2018 01 11 at 1.46.55 PM

Framework #4 – GDPR Timeline

This presentation from IT consulting firm Cognizant provides a GDPR framework with a clear definition of several key areas, including personal data and a typical GDPR compliance timeline. An additional visual (slide 20) is a second GDPR framework that breaks down areas critical to GDPR compliance: technology, data, process and people.

framework4 Cognizant

This GDPR framework from consulting firm Copenhagen Compliance clearly delineates the roles of the controller, processor and data subject.

framework5 Copenhagen

Framework #6 – GDPR Priority Areas

Resource Insights, creators of HR and recruiting dashboards, assembles the key facts and priority areas of the GDPR into a very simple GDPR framework. They define 8 core areas of focus that should be addressed in order to achieve GDPR compliance.

framework6 Resource

This 12-step GDPR framework from the UK’s Information Commissioner’s Office provides an easy way to get started with GDPR compliance. It includes links to relevant sections of the GDPR itself, and other ICO guidance produced by the EU’s Article 29 Working Party.

framework7 ICO

Framework #8 – Gap Analysis

This GDPR framework from Data Management Review provides a no-nonsense summary of how to get started with GDPR compliance. A gap analysis shows potential roles and activities you may identity in your path towards GDPR compliance.

framework8 DMR2

Framework #9 – Six Step Methodology

According to the French CNIL (National Commission of Computing and Freedoms), “the new ‘accountability’ logic under the GDPR must be translated into a change of organisational culture and should put in motion internal and external competences”. Their GDPR framework proposes six steps for GDPR readiness.

framework9 CNIL

Framework #10 – GDPR Compliance Guide

This GDPR framework, from digital business and transformation news aggregator and consultancy i-Scoop, provides an overview of key terms. Find a wealth of resources regarding the General Data Protection Regulation, its impact and the steps to take in order to attain and demonstrate GDPR compliance.

framework10 iscoop

Alpin is SaaS management, empowering organizations to monitor and control their SaaS ecosystems via a single dashboard. Illuminate your cloud application environment, including Shadow IT. Cut costs up to 30% and manage license renewals and compliance. Monitor activity. Improve security via app de-provisioning and blacklisting.

Because Alpin tracks all your SaaS vendors, it’s a natural fit with your GDPR compliance efforts. Alpin makes your GDPR preparation faster and cheaper, reducing spend by as much as one full time equivalent (FTE). Automating GDPR vendor assessments wth Alpin facilitates the sending, receiving, and scoring of vendor assessments.

  • Sending – GDPR assessments can be sent to multiple recipients at the press of a button. Alpin will send reminder emails until the assessment has been completed.
  • Receiving – Completed questionnaires will appear automatically in Alpin’s dashboard.
  • Scoring – Based on the scoring criteria you establish in the assessment, Alpin will automatically calculate and display the scores for all vendors.

For more information on GDPR preparedness, see our recent posts:

Lauren Alweis