GDPR Minus Zero – Now the Real Work Begins

It is finally here. That’s right. We have been waiting for what seems like years for today to come, and here it is. So, will today be like January 1, 2000? Will we all collectively breathe a sigh of relief and get on with our lives? Move on? Nothing to see here? No. We won’t.

By Stuart Beattie, Product Marketing Director, Omada | May 2018

Different from Y2K

The ‘Y2K bug’ was the last time that IT the world over had such a large project on its hands. However, once the clock struck midnight and the computer systems were checked we all continued celebrating the new millennium. Planes did not fall out of the sky. Our bank accounts were not mysteriously emptied. Nuclear power plants did not suffer major meltdowns. Much to the relief of everybody, the event was a non-event and we could move on with our lives.

Things are different today. Unlike January 1, 2000, which marked the successful end of major IT projects, today, May 25, 2018, is only the start. The work we have all been doing over the past few years in preparation for today is only the beginning.

However, unlike 18 years ago, the work we have done so far will not be completely in vain.

Now the real work begins

From today we can receive requests from people who want to know what personal information we are holding that is relevant to them. Others can contact us because they want to be forgotten. And, if we are unfortunate enough to suffer a data breach, then we will have a very limited amount of time to report to relevant authorities and those that are affected.

In the lead-up to today, many organizations have put procedures in place to clean up their data but have not thought about how they are going to manage these requests or ensure that they have adequate procedures in place to deal with potential data breaches. Have you?

Do you know where you are storing all the personal information about customers, prospects, and employees?

Can you be sure that when you go back and tell somebody that they have been ‘forgotten’ that you have actually deleted them in all of your systems that hold personally identifiable information?

Do you know who has access to all the personally identifiable information that is held across all your enterprise systems, whether on-premises or in the cloud?

Can you quickly cut off ALL of a user’s access if you discover that their account has been breached or they are no longer an employee?

The role of identity and access management

Breach notification, trans-border data transfers, data subject consent, and appointing a data protection officer are among the aspects of the GDPR, but another is the concept of improved data management practices, including privacy governance. This is where identity and access management comes into the picture.

For the past two years, we have been working with customers to help them prepare not only for today but for the weeks, months, and years to come. We have been helping them put policies and procedures in place so they can classify which of their systems and applications hold personally identifiable information and therefore fall under GDPR requirements. We have helped them track who has access to systems and applications that contain GDPR-governed data, and why they were granted this access.

Identity and access management allows organizations to document who has access to what, when, and why they have this access. Having this technology in place means companies can control and govern their identities, thereby protecting the sensitive data. The vital core processes of identity and access management allow organizations to tag systems and applications containing privacy data, implement identity lifecycle management, manage user access to privacy data, run processes for correct onboarding and off-boarding of employees and contractors when they join and leave the organization, and apply access governance to monitor and review user access rights to systems and applications containing privacy data, which enables the organization to maintain continuous compliance.

Who has access to what, and why

While we are all uncertain about exactly how the authorities are going to react as different GDPR scenarios arise, we are certain that access control and governance will play a vital role in documenting that you are in control of who has access to privacy data, ensuring the safety of customer, prospect, and employee personally identifiable information as well as helping to address both internal and external audits that our customers face.

We are confident that the customers we have been partnering with are in a strong position when it comes to proving where sensitive personally identifiable information is stored, who has access to it, and why they were granted that access in the first place.

Eight steps to compliance

Learn much more about Omada's approach to GDPR compliance: read our eight-step guide to GDPR compliance and download our GDPR e-book, a comprehensive guide to how identity and access management can help your organization get in shape for the legislation and reap the many benefits in the process.

EU GDPR Articles

Eight General Misunderstandings about the EU GDPR

In our dialogue with various organizations, we encounter a great many misunderstandings about what actions to take and how to initiate them. Therefore, we have gathered the most common misunderstandings about the new regulation here:

Is your Data Covered by the EU General Data Protection Regulation?

The core of the EU GDPR is the concept of “personally identifiable data.” This should be interpreted very broadly as “data, which can identify a specific person.”

Eight Steps to Ensure that Your Data Protection Measures are in Place

Organizations that have not done so already have to start thinking in very pragmatic terms about what impact the GDPR will have on employees, processes, and technologies, and which measures to take to diminish business risk and get compliant in time.

Blog: New EU Regulations put your Business at Risk

The EU GDPR creates an asymmetric risk, in which the risk that the supplier is asked to cover most often far exceeds the value of the commercial agreement.
