Here at SpringCM, we work hard to build strategic partnerships with best-in-class software and service companies that work with us to bring even more value to our customers.
Morae Global is one of those strategic partners. They’re an integrated solution provider for the legal and compliance function around the world.
And as an advisory organization dedicated to supporting General Counsel, Chief Compliance Officers and others with Legal and Compliance responsibilities, they’ve been very busy with customers helping them to prepare for GDPR.
I sat down with James Ewing, Senior Managing Director at Morae, to gain perspective on how they’re helping their customers prepare for the GDPR.
James: Our customers and their outside counsel typically have a very good understanding of the legal requirements facing the company, and GDPR is no different. Where we come in is helping to turn those requirements into actionable steps to take in order to achieve compliance. With GDPR, which is wide-ranging and complex, the steps range from helping our customers efficiently develop a record of processing activities, to designing system remediation strategies, and efficient approaches to ensuring vendor compliance, along with training and awareness for employees. Our value-add is in simplifying the complex.
James: There is no lack of quality resources out there. Law firms and consulting firms are putting out useful guidelines and checklists. Following the WP29 guidance is critical as most already know. I have also found some of the paid privacy information services to be very valuable, especially in looking for useful templates and best practice examples, plus the ability to research issues within certain markets.
James: I actually have three pieces of advice.
First, prioritize. Although you are working toward full compliance, you need to spend time up front prioritizing to ensure that you are dealing with your biggest gaps and riskiest issue first. Otherwise, you will quickly become overwhelmed with all that needs to be done.
Second, don’t forget that a key component of GDPR is the need to be able to “prove it”. You need to be documenting how you are achieving compliance, and then preparing in advance for audits of the program and due diligence of your vendors post-May.
Finally, it is difficult to do this alone - look for help. There are a number of great partners out there, from law firms with exceptional expertise in this area to technology vendors that are continuously developing new tools to help ease the compliance process.
SpringCM and Morae Global share a commitment to helping our customers prepare for the looming GDPR deadline.
Here at SpringCM, we’ve developed a number of resources to help our customers on their road to GDPR compliance (all categorized below).
As you prepare, it's important to note that this post doesn't serve as legal advice. If you'd like guidance on your company's specific circumstances, please consult your legal counsel.