There is no doubt that the General Data Privacy Regulation (GDPR) will change the way companies worldwide view and handle the personal information of EU citizens and, by extension, the private information of individuals in countries around the globe. GDPR breaches may result in hefty fines, bad publicity and lost revenue. As a multinational corporation with offices in 11 locations globally and more than 2,700 customers worldwide, ForeScout views GDPR as a critical initiative and is taking steps to achieve compliance with the requirements of GDPR.
In 2017, the general counsel of ForeScout tasked a cross-functional team to evaluate the GDPR and develop a plan to address its requirements. Through firsthand experience, we came to realize that understanding the GDPR text and applying the principles to one’s own organization can be complicated. To assist our customers, we thought it might be useful to share our experience in hopes that we can simplify your journey into becoming GDPR-compliant. Below is the process we are using and will continue to refine. Our process involved the following five steps:
Step 1: Assess: As with all regulations, the most important step is identifying the impact of the regulation on the company’s existing strategy for managing and mitigating risk.
Step 2: Define: In this phase, we interpreted and applied the definitions in GDPR Article 4.
Step 4: Implement: The team's two areas of focus were internalizing and testing our interpretation of GDPR from both a human and a technical standpoint.
Step 5: Train: In this phase, we help our employees understand the context of GDPR, the goal of the Council of the EU in defining the standards for GDPR, and the steps we need to take internally to ensure compliance.
Watch our webinar, in which Tony Miller, Sr. Director of Legal Affairs, explains in depth the process that the ForeScout team used and will continue to use in preparing for and maintaining GDPR compliance.