When the EU General Data Protection Regulation (GDPR) takes effect on 25 May 2018, not only will organisations need to make sure their own processes and policies are compliant but also any supplier contracts meet the GDPR’s requirements.
This includes software-as-a-service (SaaS) providers, whose applications Symantec claims are relied on much more than organisations realise. The software company’s 2017 Internet Security Threat Report found that most chief information officers think their organisation only uses 30 or 40 SaaS applications, but the actual figure is, on average, 928.
To help you prepare for the GDPR, Forbes breaks down the steps you should take to prepare your SaaS stack:
- Consider assigning a cross-departmental task force. “This is an IT issue, certainly,” Forbes writes, “but procurement, compliance, HR, Legal, and other business units must also be educated on its impact. Bringing multiple teams to the table will also help IT identify and wrangle shadow applications, an important step to GDPR compliance.”
- Know what you need to do. The GDPR is a big, complicated law with plenty of intricacies. Some of the more important things you need to familiarise yourself with are its scope, how to seek consent, hiring a data protection officer (DPO) and reporting data breaches, but that’s only the beginning. If you’re serious about complying with the Regulation, you should enrol on a training course.
- Review your existing compliance processes. The GDPR is similar to current data protection laws in a lot of ways (although it strengthens or clarifies many elements), so organisations that are already compliant will be well placed to meet the new standards. Performing a gap analysis can help organisations identify the areas that need to be addressed.
- Evaluate your current tech stack. “Does it provide the visibility and controls that you need to comply with GDPR and prevent breaches?” Forbes writes. If it doesn’t, you should address “everything from security software to compliance tools to vendor management to all things data-related”.
GDPR training courses
To find out more about how you can prepare for the forthcoming changes, you might be interested in one of our GDPR training courses.
Our GDPR Staff Awareness E-learning Course is a flexible way of introducing your staff to the Regulation’s compliance requirements. It covers the scope of the Regulation, the key data protection roles, the principles for collecting and processing personal information, and how to apply the requirements to your organisation.
This course is suitable for all staff, and with the cost of data breaches rising every year, it’s essential that everyone in your organisation follows best practice for staying secure.
For more in-depth GDPR training, take a look at our certified training courses. Depending on your level of expertise, you might be interested in either:
- Certified EU General Data Protection Regulation Foundation (GDPR) Training Course
- Certified EU General Data Protection Regulation Practitioner (GDPR) Training Course
- Book these courses together in our Combination Course and save 15%.