How Much GDPR Control Do You Really Need?
According to industry consultants, companies should see GDPR not as just one more irksome compliance challenge, but as an occasion to look more broadly at their security processes and to situate compliance within frameworks that they may already have, at least partially, in place.
They suggest eight principles that can help determine the need for specific GDPR-focused upgrades: know your assets and where they are located; use your current risk management program, possibly as-is or perhaps extended to cover a specific focus on GDPR protection; implement standard security frameworks to address GDPR and other regulatory requirements; run IT based on best practices, all the way from governance down to technical IT processes; always have a valid reason to process PII; get buy-in from management the right way; do regular check-ups of your entire IT environment; and automate whenever and wherever you can.