I’m a firm believer that GDPR shouldn’t be viewed as the only data protection end game, but more as a complement to existing policies that companies have in place to safeguard personal data. That said, GDPR will bring more governance requirements, more rights for individuals and a need for more consistent practices. Stringent penalties will be applied if we fall short of the new standards. As a company, we knew we needed specialist help to prepare.
So, I set up a meeting with the Capgemini Cybersecurity and Data Protection team asap.
They talked through the need for a holistic view of data privacy and protection, and how personal data must be managed, protected and controlled. While the main emphasis would fall on the first phase of this ― getting data properly organised ― all three elements would have to work together to provide ongoing consistency.
I was already aware of Capgemini’s cybersecurity portfolio. I’d long been an advocate of their consulting and managed services ― which actually are a great fit for GDPR’s emphasis on detecting and notifying breaches and leaks proactively.
After the meeting, the Capgemini team laid out a gap analysis to establish a roadmap for reviewing our security and privacy processes, improving data protection all along the lifecycle and moving forward our GDPR compliance. This roadmap included all the necessary mechanisms, technology solutions and controls that would enable us to respond to data and privacy threats appropriately. Implementation is now under way ― and we’re well on schedule for when the GDPR kicks in.
Find out all about Capgemini’s data protection services here.