Shortest Way for GDPR Implementation Approach

In the GDPR implementation process, it is very challenging to bring multiple products from any platform into compliance. GDPR implementation is technically feasible, but how to ensure compliance across multiple environments is a real concern. It becomes utmost important to consider all factors when deciding the architecture for GDPR implementation. At the same time, the respective team also has to deal with the other issues this inherently introduces. Below are the key components that need consideration during GDPR implementation:

  • Applicability of the regulation: Applicable to the companies processing personal data of EU citizens across the globe
  • Mandatory appointment of Data Protection Officer: Required to designate a DPO under the GDPR
  • Stricter Consent Rules: Right to withdraw consent at any time and to have his/her data erased 
  • Enhanced breach notification requirements: Notify the supervisory authority within 72 hours of becoming aware of the breach
  • Data Protection Impact Assessments & Consultations with the DPA: Introduces mandatory Impact assessments
  • Enhancing Individual Rights and creating new rights: Right to be forgotten (also known as the Right of Erasure)
  • GDPR encourages “Pseudonymization”: GDPR introduces a new concept of “pseudonymization”. It is the separation of data from direct identifiers so that linkage to an identity is not possible without additional information that is held separately.
  • Data Security Obligations: Requires “privacy by design”
  • Fines for non-compliance: 4% of an undertaking’s worldwide annual turnover or 20 million euros, whichever is higher.

Objectives

To bring the platform into compliance with the GDPR.

Suggested Approach for GDPR Implementation

Below are the GDPR key changes and mitigation approaches:

GDPR Privacy Risk and Impact Assessment Approach

The GDPR assessment and implementation team can follow the steps below for the assessment work:

Resources Required for GDPR Implementation:

Below are the resources required for its implementation. The project team can prepare the project plan based on the assessment output:

GDPR Gap Assessment

The GDPR gap assessment Excel sheet shall comprise the tabs below. The respective tab items can be taken from the GDPR principles.

Below are examples of the Gap Assessment tabs described above:

Below are the crux points that need to be solved for GDPR implementation:

The security controls below are recommended:

  • Segregation of Portals 
  • SOC/SIEM/Management and Monitoring Services 
  • Access and Policy Services
  • Secure Interconnect Services 
  • Internal Server farms 
  • Zoning solutions 
  • Security Event Detection 
  • Notice
  • Consent
  • Inspect/Add/Modify (Self Service)
  • Right to Erase
  • Audit Trails
  • Audit Trails Privacy
  • Logger
  • Logs Privacy
  • User Role Management
  • Role Based Access
  • Purpose Based Access
  • De-Risk - Encryption
  • De-Risk - Anonymize
  • De-Risk - Pseudonymize
  • Data Portability
  • Data Breach Notification
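The pseudonymization concept described earlier, together with the De-Risk - Pseudonymize and Right to Erase controls in this list, can be illustrated in code. The following is an added example and is not part of the original article or any TCS deliverable: the keyed-hash secret and the pseudonym-to-identity mapping live in a separate vault object (the "additional information held separately"), so pseudonymised records cannot be linked back without it, and erasure is honoured by deleting the link. All class and function names and the sample records are constructed for this illustration.

```python
import hmac
import hashlib
import secrets
from typing import Dict, List, Optional

# Constructed sample records containing a direct identifier (email).
RECORDS = [
    {"email": "Alice@example.com", "country": "DE", "orders": 3},
    {"email": "bob@example.com", "country": "FR", "orders": 1},
]


class IdentityVault:
    """The 'additional information held separately': a secret key for the
    keyed hash plus the pseudonym -> identifier mapping. Everything outside
    this object only ever sees pseudonyms."""

    def __init__(self, key: Optional[bytes] = None) -> None:
        self._key = key or secrets.token_bytes(32)  # assumed: KMS/HSM in practice
        self._links: Dict[str, str] = {}

    def _token(self, identifier: str) -> str:
        # HMAC rather than a plain hash: without the key, nobody can rebuild
        # the pseudonym of a guessed email, so the pseudonymised data set
        # cannot be re-identified by a dictionary attack on the hash.
        msg = identifier.strip().lower().encode("utf-8")
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def pseudonym(self, identifier: str) -> str:
        token = self._token(identifier)
        self._links[token] = identifier
        return token

    def reidentify(self, token: str) -> Optional[str]:
        return self._links.get(token)

    def erase(self, identifier: str) -> bool:
        """Right to erasure: remove the link so the subject's pseudonymised
        records become effectively anonymous; returns False if unknown."""
        return self._links.pop(self._token(identifier), None) is not None


def pseudonymize(records: List[dict], vault: IdentityVault) -> List[dict]:
    """Replace the direct identifier with a pseudonym; the output can be
    shared with analytics or other environments without the vault."""
    out = []
    for rec in records:
        clean = dict(rec)
        clean["subject_id"] = vault.pseudonym(clean.pop("email"))
        out.append(clean)
    return out
```

Because the pseudonym is deterministic for a given key, the same subject gets the same `subject_id` across systems that share the vault, while a different key yields unlinkable pseudonyms.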

Conclusion

No organization will survive in the coming years without implementing GDPR compliance: if an organization wants to do business, it needs to comply with the GDPR; otherwise it will need to close its doors. As described above, GDPR implementation currently has many issues which scare away several potential clients. Until a proper security module is in place, potential clients will not be able to leverage its true benefits. Where there are heterogeneous systems with varying business value, a single security system will be too costly for certain applications, and if there is less security then the vulnerability and non-compliance factors will shoot up.

Authored By - Anilkumar Dubey
TCS Cyber Security Practice
