Has GDPR Request handling been identified as an operational task?
You are about to finish your GDPR-project. You now know what personal data is kept in your organisation, how it gets there, who you share it with, who within your organisation owns it and finally how it gets deleted.
You have also updated or changed required technical functionality, so you stay compliant. Your map is more or less complete – at last.
Are you ready for the 26th of May 2018, the day after the GDPR will be enforced? If the above is “all” you have done, the simple answer is No.
- Exercising rights to personal data will automatically generate operational tasks that don't exist in organisations today.
- Not being able to do this is also non-compliance with the GDPR.
- Processing of GDPR Requests needs to be implemented across HR, Legal and IT, and it must enable you to handle a sudden big increase.
What is a GDPR Request?
GDPR Request is not an official term, but it is a way to look at the upcoming GDPR processing in an ITIL Request Fulfilment or Request for Service context.
Are you ready to validate and authenticate a request for information?
If not coordinated and planned in a robust manner, requests will pop up in random places, through random channels, and they will be dealt with in a random manner, by random people, without relevant people being aware of the status or indeed the workload.
Handling the upcoming request type is largely about defining and implementing the change of behavior and the need for internal coordination, thereby setting expectations for processing activities.
Do you have robust and monitored processes in place that will enable you to handle a sudden big increase in these requests? Imagine that, due to no fault on your part, an unfortunate case of handling personal data has occurred in your business segment, and now it is spilling over to your organisation, with a significant increase in requests for information about data, or requests to delete or change it.
- How do you secure yourself against an organized attack?
- Have you thought about how much of your documented HR and GDPR related processes you can and should automate?
- Do you plan to have a specific GDPR-team sitting around to reduce this issue?
- Can GDPR Request handling turn into a major incident?
It seems that the majority of the time invested in GDPR related initiatives has focused on being adequately technically compliant on May 25th.
The interest in looking for a solution by buying new technical functionality has without doubt been founded in the avalanche of technical sales pitches the management level within the companies has received.
reflectIT brings from several GDPR projects the experience that it hasn't become clear to several companies that GDPR also comes with a set of processes that need to be coordinated, agreed and documented across HR and IT.
Interested in support for setting up a robust GDPR Request handling?
reflectIT can provide you with a solution based on experience and knowledge from GDPR projects with some European and global leaders in sectors such as energy, food & dairy, finance, and banking.
Therefore, we can enable a fast-track implementation of GDPR Request handling at your company.
Solutions based on experience and knowledge
reflectIT is a leading specialized provider of effective and efficient solutions to operational tasks within business consulting and digitalization of business processes.
reflectIT GDPR Request handling is no silver bullet. It is a proficient and pragmatic solution to the potentially largest operational risk to the organisation’s GDPR responsibilities.
reflectIT products and services are rooted in the strong requirements for quality, integrity, security, and governance found in the financial sector through many years of management experience from banking, financial IT services, and financial information services. Our consultants each have more than 20 years of management experience in regulated sectors such as Defence, Healthcare, Public Safety, Food, Finance, Energy, and Telecom.