Summary of what you should do sooner rather than later. Follow the link for more detail.
- Obtain ISO 27001 Certification
- Hire a DPO or CISO
- Hire a Consumer Data Ombudsman
- Use Consultants and the IAPP
- Build a Data Map
Then find a technology solution that:
- Is not complex
- Won't take 6 months to deploy
- Won't cost the earth
- Addresses historical, current and future data
However you prepare, time is of the essence. Next May will be here soon, and the EU will, in all likelihood, be making an example out of someone. Don’t let it be you.
And as a benefit, the same technology will unleash the value of data that has been inaccessible until now.
First, the regulation itself is not merely for the 28 member states of the European Union. It is for the 31 member states of the European Economic Area (EEA), which includes the 28 EU member states plus Iceland, Norway, and Liechtenstein. The GDPR is being integrated into the 1992 EEA Agreement. Second, if you’re sitting in Des Moines, thinking, “I don’t care what the Europeans do, I’m in Iowa,” you probably should care because the GDPR affects not only EEA nations, but any organization offering goods or services to European data subjects or organizations controlling, processing, or holding personal data of European nationals—regardless of the organization’s location. Yes, Des Moines, that means you, too.