An Introduction to GDPR | An Operations Manager Point of View
The introduction to GDPR, for me personally this year, was understanding what this new data act was and why it was in my newsfeed every second day. I decided the first step was discovering as much as possible. I attended a few GDPR events, from breakfast briefings to morning seminars to a full-day event. I can’t say they were all worth the time of day, but as a whole, I did pick up a few gold nuggets of information to take back to Typetec. Given the volume of free events happening now – posted on LinkedIn or elsewhere – I would highly recommend trying your best to go to an industry-specific event, or an event from a speaker you’ve heard about, or multiple speakers that can give different points of view and reduce your risk of a painful death by generic GDPR PowerPoint. Remember, it is an investment of your own time too, so it is best to choose wisely.
The second step, for me, was discussing GDPR at a management level internally and planning the road ahead for us. We knew there was a hard deadline approaching but were not completely clear, to be honest, on the scope of compliance we had to prepare for. We knew our two ISO quality accreditations would aid us on our journey, with standard operating business processes and management review structures already implemented into our organisation; however, I was also aware that they wouldn’t do the work for us.
One thing we were clear on was that GDPR readiness wasn’t going to fall on just one single individual… thankfully, as my odds were short I reckon… the responsibility fell on the entire company with support from the board level. We formed a working group of five staff to be the internal ‘GDPR committee’. Our team crossed finance, sales, service and marketing with a mix of staff seniority and technical (IT) skillsets.
We needed to know our starting point, so we sat down together in the boardroom and completed the Microsoft GDPR Assessment Tool; you can access the initial survey here. There are a number of free online tools out there to help you begin the gap analysis and I felt this was a very good starting point for us. The entire assessment takes about 2 hours, but it was time well spent answering and debating the questions, waking us up to the work that was to come. However, it was evident to everyone where we needed to be and now we had a trackable path to get there. With Microsoft’s help, we were able to generate a report with our initial results, which we sent on to our CEO, along with the minutes and actions of the meeting to formally report on our position – it’s important from the very beginning to document all actions taken to reach compliance. The documentation forms a part of your evidence trail, which is crucial if the Data Protection Office knocks on your door after May 25th.
Discovery is definitely the first step in any GDPR compliance journey. Going forward, our next step is to start managing the tasks at hand and meet this week to discuss actions, progress and prioritize tasks off the back of the reported results. I will report back next month with a progress report on this along with any compliance tips I pick up in the meantime.
To keep up to date on my journey, follow Typetec on LinkedIn.