December 2017: As most organizations are by now aware, the GDPR legislation aiming to protect the privacy data of EU citizens kicks into force on 25 May 2018. Across most of Europe the legislation is causing quite some noise, but also across the Atlantic companies are waking up to the fact that they may just need to take action.

A new survey from HyTrust notes that just 22% of US based firms have a GDPR plan in place, with over 50% noting that they are either not concerned about GDPR or are unaware of its relevance to their business. But GDPR is something to pay heed to. Many more US organizations than initially expected will be affected by the legislation and they therefore need to get a plan in place.

The secret is knowing where to begin

For those deciding to take GDPR action, the next step is knowing where to begin. Many are also realizing that GDPR prepping is actually a great exercise for the business. A first step is to get your organization’s data cleaned up. This may be a lengthy exercise and one which reveals quite some secrets. We often find that many people have access to more files, shares, or portals than they should have – a problem not just in terms of the GDPR, but also for the company’s general compliance and financial regulations.

Get the access overview – and maintain it

The ‘how’ in how to get GDPR compliant is where many companies struggle, no matter where they are geographically based. Identity and access management can help you clean your data and give you an overview of who has access to what, who approved it, (when, why, and how), and how you can prove your compliance. Our unique governance capabilities ensure that this overview is constantly maintained and kept up to date, making sure you are always in compliance with the GDPR in relation to user access to privacy data.