The CIO’s Guide to General Data Protection Regulation (GDPR) Readiness in 90 Days

GDPR Compliant in 90 Days

Digital Transformation is no longer a choice but an imperative for Business Success. Digitization therefore must meet, the essential requirements of integrative cybersecurity, system reliability and availability. It should address everything from the integrity of data, awareness of people, efficiency of processes and networks to the security of datacenters, infrastructures, applications and devices. Furthermore, digital transformation initiatives must comply with law to protect personal data of customers and employees.

Depending on your industry and geographical location certain laws and data protection regulations may apply to your digital transformation initiative. European General Data Protection Regulation (GDPR) is one of the recent additions to the European legal system. The legislation has been adopted to replace the Data Protection Directive (Directive 95/46/EC) from 1995 and came into force in May 2016. It requires businesses to be compliant by May 25th 2018.

The Regulation aims to protect personal data of people working and living in Europe. Therefore, the regulation applies to all European businesses and those who collect and process data of Europeans as well as those who are working and living in Europe.

In just 7 months from now the General Data Protection Regulation (GDPR) will come into force. Based on my recent talks with the CIOs, it is clear that the majority of organizations are not yet ready to comply with the new data protection regulation.

A Tremendous Business Risk with Severe Financial Consequences

Non-compliancy can result into penalties up to € 10 million, or 2% of the worldwide annual revenue of the prior financial year or in more severe cases up to € 20 million, or 4% of the worldwide annual revenue of the prior financial year.

The 90 Days GDPR Readiness Approach In 3 Phases And 6 Steps

In the last few months I have been working on putting a process in place to help CIOs effectively and efficiently achieve GDPR compliancy. I am pleased to share with you "The CIO’s Guide to General Data Protection Regulation (GDPR) Readiness in 90 Days”.

The method is based on best practices and have 3 main implementation phases (Understand, Improve and Control) divided into 6 simple to implement steps to help you leverage business value with GDPR. It also have a phase timeline to monitor the progress. The phase timeline for each step is suggestive and may change depending on the context and complexity of your organization. The steps will help you identify key business domains, processes, systems, applications and stakeholders that are impacted by GDPR. Moreover, they provide guidelines on how to effectively turn GDPR related business and legal challenges into opportunities to maximize business value.


The 90 Days GDPR Readiness Framework

Sheraz Ali GDPR Phase Timeline


The 90 Days GDPR Readiness Phase Timeline
Sheraz Ali GDPR Phase Timeline

Sheraz Ali GDPR Phase Timeline
About Sheraz Ali

Mr. Sheraz Ali, M.B.A is a “Best in Business” award-winning serial entrepreneur and Digital Transformation, Security & E-Privacy advisor to businesses and federal governments.

With more then a decade of experience in diverse management and consulting roles, in the fields of Information & Technology Services, Business Consulting, Financial Services, Cyber Security and Risk Management, he helps enterprises to innovate and excel in highly competitive and rapidly changing business environments.

Organizations he supports, effectively and efficiently innovate and build disruptive products and services. His value adding support empowers them to integrate and benefit from emerging technologies such as: Fintech, Blockchain, IoT, Big Data, Advance Analytics, Artificial Intelligence and Cloud Computing.

Sheraz Ali, M.B.A