GDPR concerns each and every company that gathers or processes data about customers or employees.
Executive Director, EY Law
Recently I had the pleasure of speaking at Sympa’s GDPR breakfast event in Stockholm. I work with GDPR on a daily basis, as I am responsible for the practice areas that include IT-related legal advice and data privacy compliance at EY Law in Sweden.
I’ve been contacted a lot about the EU’s General Data Protection Regulation (GDPR), as it comes into force on 25th May, 2018, following a two-year transition period. I’ve noticed a few common misunderstandings regarding the new Data Regulation – so I’d like to share my thoughts with you.
It’s a common misconception that GDPR is something that only insurance companies, banks or retailers have to worry about. The reality is that GDPR concerns each and every company that gathers or processes data about individuals, such as customers or employees.
Many companies feel a little overwhelmed when thinking about how to ensure that their business complies with this new EU Data Protection Regulation. But there’s no time to dither, as GDPR is on its way.
Here are my top three steps on how to get started.
1. Be aware of GDPR and start mapping your data
As a starting point, you need to understand the new regulation and what it means for your company. You also need to be aware of what kind of data you’re holding or processing. Start by mapping all your data and include all the necessary departments within your company.
2. Involve the entire company in your GDPR project
It’s all too easy to leave the whole process to just one section of your organisation; for instance, your legal team, the IT department or HR. Yet preparing for GDPR requires a multidisciplinary approach. Ensure your GDPR compliance by drawing on the skills of all three, and perhaps other departments as well.
3. Start now
The 25th May 2018 may seem like a long time away, but GDPR is just around the corner. It’s better to start early and be compliant ahead of schedule than to be late, with all the risks involved.
This is the fourth post in our GDPR blog series where we discuss the upcoming General Data Protection Regulation. You can find the complete series here.