As the General Data Protection Regulation (GDPR) is fundamentally a legal obligation, the role of the legal department is significant on the road to GDPR compliance.
Because Trend Micro is a security company, our historical focus on protecting our customer’s data means that we already had many existing parameters in place to ensure data privacy and security. Now with the GDPR, we have used this an opportunity to both enhance and globally apply consistently high security principals to our business, regardless of whether that region is subject to GDPR.
One of the main projects for our legal team has been updating all of the documentation and contracts involved in all of these requirements, which is a huge task as there are so many partners, employees, and customers.
Another challenge was managing the amount of data we have, beginning with mapping out the data to understand how much there was, where it went and where it was collected.
We’ve also had to update privacy policies internally and externally, and ensure that people know what we’re collecting, and what their rights are around that. We have to ensure that all vendors who touch our network, or who have access to any sensitive data fit our documentation and have the right levels of security in place.
Our key advice to other companies is that if you haven’t started, start now. The deadline is May 25, 2018, which is coming fast, and the regulation is an ongoing requirement for the business.
Watch the video to see how Felix Sterling, Chief Legal Officer and EVP Global Policy & Compliance, and Lianne Harcup, our Data Protection Officer (DPO) and Head of European Legal, have worked with our legal team to prepare for the GDPR.
4/4 – IT Security: Hear what our IT director has to say about how the GDPR is affecting our organization, from taking a global perspective to the way we manage data privacy, to changing the way we communicate.
4/11 – Sales & Marketing: Our COO, Kevin Simzer, explains how we’re on the same journey to becoming GDPR compliant as our customers are, and what the benefits are in this process.
4/18 – HR: See how the GDPR affects our employees, and what we’ll do to ensure they have a good understanding of the regulation.
4/25 – Marketing Operations: Learn how our Marketing Operations team ensures that our customer data is protected across all external platforms.
5/2 – Products and Services: Hear from Bill McGee, SVP Cloud Security, on how we’re always evolving to deliver state-of-the-art capabilities in our products, and how we help our customers deliver their portion of the shared security responsibility of cloud environments.
5/9 – Sales and Channel Enablement: See how important it is that our existing partners understand GDPR, and how we help them find the tools needed to achieve GDPR compliance.