GDPR Compliance: 3 Steps to Get Started

The General Data Protection Regulation (GDPR) is one of the hottest topics in IT security around the globe. The European Union (EU) regulation gives people more say over what companies can do with their data, while making data protection rules more or less identical throughout the EU. Although this regulation originated in the EU, its impact is global; any organization that does business using EU citizens’ data must be compliant.

With the May 2018 deadline looming, IT security professionals worldwide are scrambling to ensure they’re ready (and avoid the strict fines for non-compliance and security breaches). In the video below, Sumo Logic VP of Security and Compliance George Gerchow offers three ways to get you GDPR-ready in no time.

1. Establish a Privacy Program

Establishing a privacy program allows you to set a baseline for privacy standards. Once you have a privacy program in place, when new regulations like GDPR are released, all you have to do is fill in the gaps between where you are and where you need to be.

2. Designate a Data Protection Officer

This is a critical part of complying with GDPR—and a great way to build sound data security principles into your organization.

Under the GDPR requirements, the Data Protection Officer:

  • Must report directly to the highest level of management
  • Can be a staff member or an external service provider
  • Must be appointed on the basis of professional qualities, particularly expert knowledge on data protection law and practices
  • Must be provided with appropriate resources to carry out their tasks and maintain their expert knowledge
  • Must not carry out any other tasks that could result in a conflict of interest

3. Take Inventory of Customer Data and Protections

Before GDPR compliance becomes mandatory, take a thorough inventory of where your customer data is housed and how it is protected. Make sure you understand the journey of customer data from start to finish.

Keep in mind that the data is only as secure as the systems you use to manage it. As you dissect the flow of data, take note of critical systems that the data depends upon. Make sure the data is secured at every step using proper methodologies like encryption.

Bonus Tip: Arrange Third-Party GDPR Validation

Between now and May 2018, you will start to see contracts coming through that ask if you are GDPR-compliant. When the deadline rolls around, there will be two groups of organizations out there:

  • Companies that have verification of GDPR compliance to share with prospective clients.
  • Companies that say they are GDPR compliant and want clients to take their word for it.

Being in the first group gives your company a head start. Conduct a thorough self-assessment (and document the results) or use a third-party auditor to provide proof of your GDPR compliance.

Learn More About GDPR Compliance

Ready to get started with GDPR? George Gerchow, the Sumo Logic VP of Security and Compliance, shares more tips for cutting through the vendor FUD surrounding GDPR.
