---
title: "GDPR compliance: 3 steps to get started"
page_name: "GDPR Compliance: 3 Steps to Get Started"
type: "blog"
slug: "gdpr-3-steps-to-get-you-started"
published_at: "2017-08-16"
modified_at: "2026-01-30"
url: "https://www.sumologic.com/blog/gdpr-3-steps-to-get-you-started"
canonical: "https://www.sumologic.com/blog/gdpr-3-steps-to-get-you-started"
markdown_url: "https://www.sumologic.com/blog/gdpr-3-steps-to-get-you-started.md"
lang: "en"
excerpt: "GDPR is coming. Are you prepared? Sumo Logic VP of Security and Compliance shares three tips for getting your organization GDPR-compliant in no time."
taxonomy_blog_category:
  - "Compliance"
  - "SecOps & Security"
---


# GDPR Compliance: 3 Steps to Get Started

[Melissa Beck](#blog-author-block-218)

August 16, 2017


The [General Data Protection Regulation (GDPR)](https://www.sumologic.com/platform/security) is one of the hottest topics in IT security around the globe. The European Union (EU) regulation gives people more say over what companies can do with their data, while making data protection rules more or less identical throughout the EU. Although this regulation originated in the EU, its impact is global; any organization that does business using EU citizens’ data must be [compliant](https://www.sumologic.com/platform/security).

With the May 2018 deadline looming, IT security professionals worldwide are scrambling to ensure they’re ready (and avoid the strict fines for non-compliance and security breaches). In the video below, Sumo Logic VP of Security and Compliance George Gerchow offers three ways to get you GDPR-ready in no time.

## 1. Establish a Privacy Program

Establishing a privacy program allows you to set a baseline for privacy standards. Once you have a privacy program in place, when new regulations like GDPR are released, all you have to do is fill in the gaps between where you are and where you need to be.

## 2. Designate a Data Protection Officer

This is a critical part of complying with GDPR—and a great way to build sound [data security principles](/wp-content/uploads/2015/08/SL_WP_Cloud_Security_2015-Final-2.pdf) into your organization.

Under the [GDPR requirements](http://www.eugdpr.org/), the Data Protection Officer:

- Must report directly to the highest level of management
- Can be a staff member or an external service provider
- Must be appointed on the basis of professional qualities, particularly expert knowledge on data protection law and practices
- Must be provided with appropriate resources to carry out their tasks and maintain their expert knowledge
- Must not carry out any other tasks that could result in a conflict of interest

## 3. Take Inventory of Customer Data and Protections

Before GDPR compliance becomes mandatory, take a thorough inventory of where your customer data is housed and how it is protected. Make sure you understand the journey of customer data from start to finish.

Keep in mind that the data is only as secure as the systems you use to manage it. As you dissect the flow of data, take note of critical systems that the data depends upon. Make sure the data is secured at every step using proper methodologies like encryption.

## Bonus Tip: Arrange Third-Party GDPR Validation

Between now and May 2018, you will start to see contracts coming through that ask if you are GDPR-compliant. When the deadline rolls around, there will be two groups of organizations out there:

- Companies that have verification of GDPR compliance to share with prospective clients.
- Companies that say they are GDPR compliant and want clients to take their word for it.

Being in the first group gives your company a head start. Conduct a thorough self-assessment (and document the results) or use a third-party auditor to provide proof of your GDPR compliance.

## Learn More About GDPR Compliance

Ready to get started with GDPR? George Gerchow, the Sumo Logic VP of Security and Compliance, shares more tips for [cutting through the vendor FUD](https://www.sumologic.com/blog) surrounding GDPR.

 

 


Melissa Beck

VP, Corporate Marketing

Melissa is a strategic communications professional with 20+ years of experience developing and scaling global communications and influencer programs. Currently, she leads global communications for Sumo Logic focusing on corporate thought leadership, customer advocacy, employee communications and social media. In addition, she runs Sumo Logic’s Customer Advisory Board.

