December 12, 2017 By Aubre Andrus

The Gingerbread Man knew that May 25, 2018 was a big day: the day by which he had to achieve General Data Protection Regulation (GDPR) compliance. Organizations around the world — not just those in the European Union (EU) — needed to prepare.

Was it getting hot in here, or was it just the pressure that was heating up the room? Outside his office, the Chief Gingerbread Officer sign hung proudly, but inside it felt like an oven. He was burning up.

Don’t Run!

The Gingerbread Man’s first instinct was to run, run, as fast as he could. But he knew running away from problems wouldn’t end well for him — it would only lead to fines.

Instead of running away, he decided to get a running start. The Gingerbread Man sat down and began to assess his current data privacy structure as well as his company’s biggest risks as a prefabricated house manufacturer.

“What are you doing? A GDPR compliance assessment?” an old lady asked as she stepped into his office and peered over his shoulder. “Why waste your time? Just wait and see what happens to the others first. Come and grab a coffee with me instead.”

The Gingerbread Man considered her invitation. He could wait — but he was smarter than that. “Sorry, but it’s critical for me to assess where the organization is at,” he said as he picked up his laptop and left.

He saw an empty meeting room down the hall, but before he could grab it, an old man stepped in front of him. “I need this room to finish up our plan. We have to be GDPR-compliant by the end of May,” the Gingerbread Man said.

“Don’t worry about a plan!” the old man said. “Your assessment is enough. Why don’t you sit in on my meeting instead? You’ll get some quality face time with your employees!”

The Gingerbread Man considered for a second — but he was smarter than that. Without a plan, he’d have a hard time figuring out what activities he actually needed to do to achieve GDPR compliance.

“Sorry, but I’m too busy right now,” the Gingerbread Man said as he ran down the hall toward the cafeteria. He grabbed a table, popped open his laptop and began designing and developing a road map and implementation plan. A pig pulled up a chair next to him.

“That GDPR plan looks pretty good,” he said. “Looks like your work here is done. Why don’t you share this plate of vegetarian nachos with me?”

The Gingerbread Man glanced at the nachos. They smelled delicious — but he was smarter than that. He knew he had to keep moving forward, otherwise his efforts wouldn’t be worth it.

“Sorry, but I need to implement and execute these policies, processes and technologies. No time for lunch today,” he said with a wave. The Gingerbread Man quickly stepped outside and grabbed a seat on a bench away from everyone. He needed a quiet space to monitor the results of his efforts.

The Final Push for GDPR Compliance

It was a beautiful day outside and the Gingerbread Man was able to chip away at his goals, uninterrupted. But then he heard a bark. A dog playfully ran toward him.

“Come play with me,” the dog said as it dropped a ball at the Gingerbread Man’s feet. “Everything is running smoothly — you don’t need to babysit it. It’s such a nice day.”

The Gingerbread Man could feel the warm sun. He was tempted to stop — but he was smarter than that. He had to measure and document the program’s effectiveness. Otherwise, what was the point?

“Sorry, but I don’t have time to play today,” the Gingerbread Man said. He headed back to his office. It didn’t feel quite as hot anymore. It wouldn’t be long until his company was fully GDPR-compliant. But when he opened his laptop, something concerned him: a suspicious incident from someone named Fox.

Thanks to all of his hard work, the Gingerbread Man’s security controls were in place. Within hours, he responded to and managed the incident and prevented a more severe breach from occurring. The Fox wasn’t going to get him this time.

Staying On Track With Your GDPR Journey

Compliance isn’t always fun, but you must get a running start on security before the pressure builds. Stick to the path and don’t let distractions stop you from fully completing your GDPR compliance journey.


Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations. The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.
