The road towards ensuring compliance looks different for every company.
There is no silver bullet and no single technology that solves it all. It’s not a paper exercise and it’s certainly not an exercise that can be done in a day.
There are, however, steps to take and ways to act, some of which are better than others.
In our view, a good compliance project is one that takes you in the right direction, dealing with the necessary areas in the right order.
You will not reach a point where you are ‘done’ with GDPR.
A good compliance project takes you to a position where you are in control, and where you can work efficiently and effectively in the long term.
In this step-by-step guide, we give you an example of how a good compliance project can be run.
How Do I Start my GDPR Project? The Comprehensive 5-Step Guide
The individual steps will vary depending on your business and organisation, but the overall structure is one we have seen work well for many different types of companies, and one applied by leading privacy professionals around Europe.
The project consists of 5 steps:
- Set the plan
- Understand where you are
- Understand what you need to do
- Take action
- …and repeat
We will walk you through the different steps, but the overall process looks something like this:
Start by setting the ambition and budget, and deciding who should be responsible and who should be involved (Step 1). Then, you need to figure out what you are currently doing. If you do not know where you are, you cannot know where you are going (Step 2).
You can now identify what needs to be done and start prioritising (Step 3).
Step 4 is all about action. Time is limited so you have to get down to business, but if you act before completing steps 1-3, you risk ending up focusing your resources on the wrong things.
If you take steps 1-4 before May 25, 2018, that is great. But remember, this is not only when you need to be done, this is when it all starts (Step 5).