Date: 2017-10-17

As global organizations prepare for May 2018 GDPR deadline, Collibra shares recommendations for avoiding common compliance pitfalls

Global organizations are working quickly to ensure they will be in full compliance with the General Data Protection Regulation (GDPR), which goes into full effect on May 25, 2018. There is no deadline extension and penalties for non-compliance are significant: up to 4% of annual global revenue. Collibra, the leading data governance software platform for business users, today shared recommendations for avoiding six common GDPR pitfalls that can impede compliance.

The GDPR focuses on protecting the personal data of European Union citizens. But it’s not just EU companies that need to concern themselves with GDPR compliance. Any organization across the globe that collects data about EU residents must demonstrate compliance.

“Ensuring GDPR compliance is no trivial matter, nor an initiative that can be cobbled together in just a few weeks,” said Felix Van de Maele, co-founder and CEO for Collibra. “It’s essential that organizations act now to prepare to be fully GDPR compliant, otherwise they risk not only major financial penalties but reputational damage. Collibra is playing a critical and expert role in helping our customers leverage data governance as a framework to help ensure consumer data remains safe.”

Here are six common GDPR compliance pitfalls, along with ways to ensure they don’t hamper your company’s compliance efforts:

1. You Haven’t Engaged Legal Counsel



With a compliance deadline less than a year away, having experienced legal counsel on board is critical to ensure your organization is fully compliant with the complex GDPR legislation. While it’s tempting to think your organization can go it alone, legal counsel isn’t a luxury but a necessity.

2. You’re Not Looking at GDPR Holistically



GDPR isn’t just about identifying and securing data, so it requires the full participation of stakeholders across the organization. These stakeholders include business managers, data teams, IT, human resources, and the C-suite.

3. You Haven’t Made an Inventory of Your Business Processes



Understanding how data moves across and beyond your organization is a critical component of GDPR. You’ll need the participation of business units to document the kind of data you collect or process, understand where that data lives and how it’s used, and identify who is responsible for that data and who has access.

4. You Are Not Accounting for Shadow Systems



More than 80% of IT professionals say their end users have implemented unauthorized cloud services or other software in their organizations. This is a growing problem in today’s age of the consumerization of IT, BYOD programs, and the rise of cloud technologies. Take the time now to account for shadow systems and meet with users from across the business to understand what tools they use and why.

5. You Rush to Encrypt Your Data



While encryption can be a valuable tool, it’s not, in and of itself, a complete solution. It is fundamentally a technical solution that does not address the human factor: how to control access in a way that protects personal data while providing legitimate data users with the information they need to do their jobs.

6. Your Organization Lacks Skills Specific to GDPR



The right expertise will help your organization interpret regulations, assess your readiness, implement a data protection program, and monitor your compliance journey. While hiring specialized talent can help, cultivate the talent you have, since those people are the ones who know your business – and your data – best.

To learn more about these GDPR pitfalls and recommendations on how to overcome them, download the new Collibra e-book, “6 GDPR Compliance Pitfalls (and How to Avoid Them).”

