Reference no: EM133388960
What steps would you take for a small business of your choice that has an online presence to meet the general data protection regulation (GDPR) compliance?
Discussion Question:
Student classmate:
The five steps to ensure you meet GDPR compliance are access, identify, govern, protect, and audit.
- Access is the first step to ensure access to your data at all sources. You must audit the personal data that is being stored so that you know what and where to protect it.
- Identify is the second step in which you inspect your data to identify what data can be found in each source. You would need to catalog the personal data to ensure that you have logs of all of the information. These steps should not be manual.
- Govern is the third step in which you define what your data means. You must document your privacy rules across all lines of your business. The governance model states the roles and definitions must be laid out.
- Protect is the fourth step in which the data inventory and governance model are established so you can set up the necessary protection. You must use 3 techniques in order to be compliant: encryption, pseudonymization, and anonymization. Another important step is to delete data as you no longer need it.
- Lastly, the fifth step is Audit in which you audit for GDPR compliance. At this stage, you should be able to show where the personal data is located, how you can properly manage the data, and how to prove how the data is used.