Being as informed as possible about the GDPR is critical to assembling a strategy to address the regulation.
Understanding the regulatory expectations and how they might apply to your business can help you recognize what resources to continue to invest in, how to limit risk and liability and where best to focus your time and energy in addressing areas of concern.
To help you, we've assembled the following roundup of resources. These links should set you on the path to assembling a full 360 view of what the GDPR means for you. Using these resources, you can explore, read, learn and use that knowledge to maintain GDPR compliance.
Take an initial dive into the new world of GDPR compliance with the EU's own GDPR informational website.
The EUGDPR website has a plethora of information right from the regulators. It features plenty of background on how the EU got to this point, what the EU hopes to achieve by implementing GDPR and so on, as well as answers to frequently asked questions about many different aspects of the regulation. For an overview of deadlines, expectations and other basics, it's the place to start.
But with a regulation as complex and far-reaching as the GDPR, there is plenty more for businesses to know and take into consideration. If you're left wondering what exactly a given term on the GDPR website means in general, or for you in particular, there are many more resources out there to take you deeper.
The UK Information Commissioner's Office (ICO) is an independent UK-based authority promoting data privacy and information rights for the general public. In keeping with their mission, they've been providing a great deal of information on the ins and outs of GDPR, untangling and demystifying some of the more complex and nuanced aspects. Following the organization's news blogs is a great way to understand all of the emerging issues surrounding GDPR.
And if you want to go as in-depth as it gets, check out the Overview of the GDPR. This is a continually-updated and incredibly in-depth exploration of the key themes at play. The language is technical, nuanced and thorough, and the document is broken out page-by-page into sections covering each critical GDPR-related topic.
Salesforce is one of the biggest names in CRM, and being such a big player, when it comes to meeting compliance standards they're at the forefront. Here you can read about what they're doing – on their own and with their customers – to maintain GDPR's compliance benchmarks.
If you've got concerns about how contracts and other documents are impacted by GDPR, SpringCM's GDPR overview is a great starting point.
The page offers plenty of general information on GDPR, as well as its impact on contracts and documents in particular – and some insights into how vendors who manage such data can set their clients up for compliance.
Microsoft offers a repository of information on how to maintain GDPR compliance, along with tools to help businesses determine their level of readiness.
UK-based blog IT Governance features news on a host of IT-related issues, including GDPR. This is a good place to find articles discussing the impact the regulation has on such easily overlooked, practical facets of the IT world as staffing.
This IT-related blog features articles and opinions related to the broader world of IT, data privacy and compliance, and sometimes features explorations of what requirements like privacy-by-design means for businesses on the level of implementation.
What are the legal implications of the GDPR? There are still a lot of questions, which the bloggers at FieldFisher raise and address here (among other concerns at the intersection of data privacy and the law).
GDPR compliance may mean some serious changes when it comes to what counts as business-as-usual, and that can make businesses understandably nervous. But by doing your research, understanding what's at stake and working with good vendors who take compliance seriously, you can ease any fears and get back to focusing on what you do best – meeting your customers' needs.
Editor's Note: This post was originally published in September 2017. It has been updated for accuracy and comprehensiveness.