With the new EU General Data Protection Regulation (GDPR) coming into force in May 2018, time was ticking to get our data protection and privacy policies up to scratch.

May blog from our series “A day in the life of a CISO”

That said, GDPR will bring more governance requirements, more rights for individuals and a need for more consistent practices. Stringent penalties will be applied if we fall short of the new standards. As a company, we knew we needed specialist help to prepare.

So, I set up a meeting with the Capgemini Cybersecurity and Data Protection team ASAP.

They talked through the need for a holistic view of data privacy and protection, and how personal data must be managed, protected and controlled. While the main emphasis would fall on the first phase of this ― getting data properly organized ― all three elements would have to work together to provide ongoing consistency.

I was already aware of Capgemini’s cybersecurity portfolio. I’d long been an advocate of their consulting and managed services ― which actually are a great fit for GDPR’s emphasis on detecting and notifying breaches and leaks proactively.

After the meeting, the Capgemini team laid out a gap analysis to establish a roadmap for reviewing our security and privacy processes, improving data protection all along the lifecycle and moving our GDPR compliance forward. This roadmap included all the necessary mechanisms, technology solutions and controls that would enable us to respond to data and privacy threats appropriately. Implementation is now under way ― and we’re well on schedule for when the GDPR kicks in.
