GDPR has come – and gone? Not really. Despite the deadline passing without the sky falling, GDPR is something that can’t fall off your radar. If your legal and compliance team raised the GDPR flag as something you need to address, then you should certainly be thinking long term. GDPR is not just a regulation - it is an opportunity.
New regulatory requirements are a great opening to take a close look at controls in general. When Sarbanes Oxley hit organizations, they responded by focusing obviously on the financial reporting processes. But over time, companies realized a strong control strategy has benefits beyond those processes. It raised the awareness of managing not only compliance – but of managing risks to the business. GDPR can play that same type of role. While the immediate focus may be on security of personal data – the changes GDPR can bring in policies, processes and technical controls can benefit areas of your business outside of Personal Data.
What Comes after GDPR?
If your organization understands how important it is to protect personal data because of regulatory requirements, then the time is ripe to ask the question – what about other data? GDPR represents a shift in how businesses must address data governance, breach preparedness and risk and compliance management. Those controls can evolve into a better strategy across the enterprise. Take the opportunity – have the discussion.