The implementation date for the General Data Protection Regulation has come and gone with little obvious adverse effect except for those who gratuitously destroyed their own marketing lists after misunderstanding the new regulations about consent.
Companies have discovered that the world did not suddenly come to an end on a single big bang day and they can now settle down to and take a longer term view of their obligations in relation to private data as defined in the GDPR.
Many have been doing this already, and Nuix gives us a case study from a US-based Fortune 100 corporation which anticipated the need to rationalise, manage and control their data in advance of the GDPR.
The paper is called GDPR compliance using the “always on” approach from Nuix. The situation described in the opening of the case study is a common one – large volumes of data held in multiple systems and multiple jurisdictions by a company which needed to address cross-border investigation and litigation requests.
It decided to address future compliance as well as cleaning up after the past. At the same time, it wanted to address internal and external cybersecurity threats and to create a reporting structure giving both oversight and detail.
The case study is short and gives a good overview of the steps needed for a cool and rational approach to addressing the problems, not just of the GDPR, but of wider business control.