The European Union (EU) General Data Protection Regulation (GDPR) includes strict privacy and security requirements regarding the types of information that can be used to identify a covered individual, and your business must ensure that you’re fully prepared to comply with these regulations by May 25, 2018. As you prepare for enforcement to go into effect, you might be feeling overwhelmed by the sheer amount of information out there. When it comes to your GDPR strategy, though, there are six key points to keep in mind in order to see the greatest success.

1.) Look at GDPR as an opportunity, not a threat.

The data protection and privacy strategies you implement for GDPR can be used to protect any confidential data your business handles, not just the personal data (name, unique identifiers, location data and other identifying information) defined in the GDPR legislation. This built-in security should help reduce the risk associated with your confidential data and may help protect you against the threat of fines and litigation. Look at these security controls as a value-add for your business.

2.) Invest in personal data discovery.

Before you can protect your customers’ personal data, you need to know where it is. It’s not always as simple as looking at the data stored in your database, unstructured data or files. Other data such as MAC and IP addresses and metadata can also be used to identify individuals and must be considered in your overall GDPR plan.

3.) Follow best practices.

Adherence to security best practices should be the default behavior across all lines of business and amongst all employees. Review all systems to ensure that patches and configurations are up to date – the days of “If it ain’t broke, don’t fix it” are over. Remember that non-compliance can result in penalties of up to 4% of your worldwide annual revenue.

4.) Make sure your security controls are appropriate to the level of risk.

A greater volume of personal data carries a greater amount of risk and requires a greater number of security controls. Collaborate with your technical team to ensure that you have reduced as much of the risk as possible before enforcement goes into effect.

5.) Develop a forward-thinking privacy strategy today.

Your risk of fines will reflect your level of organizational and technical preparedness. Don’t wait to perform the data discovery process outlined above. Acting now will help you ensure that you’re in compliance with the new regulation, but security must remain a priority for your business going forward.

While Bronto can’t tell you what you need to do in your compliance efforts, we can answer general questions about what Bronto is doing and point you to resources that may help you in your quest. Visit the DMA’s library of GDPR resources or the Oracle Marketing Cloud’s GDPR center.