The EU’s General Data Protection Regulation (GDPR) goes into effect on May 25th. As most organizations are aware, the GDPR applies not only to EU businesses but also many companies in the U.S. While the deadline is quickly approaching, most organizations are still grappling with the implications of the regulation on their business. Even if your readiness efforts are behind the curve or the May 25th date has passed, the following five actions will help you begin your efforts towards compliance and help mitigate your organization’s risk in the short-term.

1. Perform an assessment of data processing activities.

Assemble a team of stakeholders across the organization and ask the following questions:

»» What personal data do we collect?

»» Where do we get the data?

»» How does our system protect the data we receive?

»» What is the risk involved in the collection process and what lawful basis do we have for processing the data?

Understanding the kind of data you have and how it is processed and shared is essential to understanding your compliance obligations and prioritizing solutions for the most high-risk areas.