This is the second in a series of articles explaining how companies should address the daunting requirements around data security and cloud services contained in the GDPR. With the May 2018 compliance deadline looming, organisations should already be on the path to compliance. With cloud services a major part of the GDPR puzzle, this series of articles is designed to provide practical guidance to help organisations along the road to compliance.
In the previous article, we looked at how organisations could address the first “audit” stage. This first step in the GDPR compliance process can be broadly summed up in the following headings:
Discover every cloud application used by employees across the business;
Know which personally identifiable information (PII) and data are being processed in the cloud by employees, and understand whether this data is defined as “