GDPR – Strategies & Checklists


We offer solutions that will allow for continuous discovery and monitoring of key data elements.

GDPR discussion and review takes more than a small team; it is an enterprise-level effort. The success of this effort requires more than simply gathering data flow diagrams. That is why we offer solutions that will allow for continuous discovery and monitoring of these key data elements.

GDPR – General Data Protection Regulation
Why are you waiting until the GDPR deadline to determine your state of compliance?

The deadline for GDPR compliance is May 25, 2018. What should you do before and after this deadline? Why is this significant to your organization? As with most compliance deadlines that we have seen in the past, many organizations delay any significant investments and put off performing an unbiased external assessment.

Why should you do something different this time?

  1. There is no expectation of this deadline changing
  2. Don’t use your existing internal or external auditors. Get an unbiased opinion
  3. Complete a “technical” compromise assessment ASAP. Get an understanding of your current state today
  4. GDPR is not a small compliance effort that you can complete as part of another compliance effort

Benefits of completing a Compromise Assessment:

  1. If you find something is compromised before the deadline, you may not have to disclose
  2. A discovered compromise after the deadline will guarantee you pay significant fines
  3. A compromise assessment should also include data discovery
  4. Doing this data discovery can either shorten or provide a prioritized approach
  5. Avoid fines
  6. Avoid disclosure

Non-Compliance Fees and Penalties

Lower Level

Up to €10 million, or 2% of the worldwide annual revenue of the prior financial year, whichever is higher, shall be issued for infringements of:

  • The obligations of controllers and processors under Articles 8, 11, 25-39, 42, 43
  • The obligations of the certification body under Articles 42, 43
  • The obligations of the monitoring body under Article 41(4)

Higher Level

Up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher, shall be issued for infringements of:

  • The basic principles for processing, including conditions for consent, under Articles 5, 6, 7, and 9
  • The data subjects’ rights under Articles 12-22
  • The transfer of personal data to a recipient in a third country or an international organisation under Articles 44-49
  • Any obligations pursuant to Member State law adopted under Chapter IX
  • Any non-compliance with an order by a supervisory authority under Article 83(6)

GDPR Compliance Checklist
What should I do and in what order? 

  1. Data discovery – using automated tools
    • Structured data – Database discovery
    • Unstructured data discovery – DLP will not discover all of this data
  2. Data flow mapping
  3. Compromise Assessment
  4. GDPR Gap Analysis
  5. Remediation – based on Compromise and Gap Analysis
  6. Formal Data Privacy Program
  7. Data Privacy Architecture
  8. Data Privacy Policy Management
  9. Third Party Management
  10. Data Inventory Management
  11. Data Privacy Risk Management
  12. Data Privacy Incident Management
  13. Data Privacy Training and Awareness Management
  14. Data Privacy Communication Management
  15. Data Privacy Protection

Data Discovery and Ongoing Monitoring

The continuous monitoring and ongoing discovery of both structured and unstructured data is an essential part of GDPR compliance. There is no one piece of technology or solution provider that accomplishes this for both structured and unstructured data. Intersec security and compliance experts have worked with our partners and vendors to put together what we believe, and have seen, to be the most effective combined solution. We are able to bundle and deploy these separate components into a fully integrated solution that works for ongoing discovery and monitoring. Below is a list of the types of components that we include in this combined solution:

  1. Network data tapping technology to feed the combined tools
  2. Database and structured data discovery – uses machine learning and data feeds to monitor for changing content autonomously at scale
  3. Unstructured data discovery for all endpoints, file shares, SharePoint, cloud and more – DLP is not effective
  4. Data classification, automated and integrated with discovery tools
  5. Data rights management and protection (DRM/DRP) – automated with discovery and classification technologies, and managed by designated data owners from a central console
  6. Data flow diagrams built in real-time based on updated information

