Gone are the days when data security was "just" an IT concern. GDPR affects all departments handling personal data, from operations and sales to finance and HR. Grow the skills to implement privacy by design by understanding the needs of all departments working with personal data.
IT teams are the backbone of data security in any organisation. Their responsibilities include maintaining current infrastructure, storage solutions and security provisions, as well as adhering to existing standards such as PCI DSS.
Under GDPR, IT teams are required to embrace privacy by design. Before this can happen, however, the current environment needs to be examined under the framework of GDPR.
Whether considering how applicants engage with the organisation or how employee data is processed for payroll, HR must comply with GDPR. Finance teams also handle supplier and customer billing data daily, so their activities are included in the GDPR compliance journey.
Data Protection teams must understand these data processes so that they can ask the right questions to ensure the organisation can successfully achieve and maintain GDPR compliance.
Both Sales and Marketing departments are largely responsible for new personal data entering the business. Many use a number of tools and providers to achieve their goals. In addition, email marketing and business development activity are owned by these departments.
Sales and Marketing must share with those responsible for Data Protection how data enters the business, which processors they use, and which processes must be compliant.
Support, Customer Success, Account Management, Product Development, Engineering and other teams handling personal data or building products that facilitate the processing of personal data will need to achieve GDPR compliance.
Understand the right questions to ask across all departments in your organisation to gain a full view of how your business processes personal data.