
GDPR: The “privacy equivalent of SOX” - pdog
https://avc.com/2017/09/gdpr/
======
kenbaylor
This is a tough space. Many people will come in with 'tech solutions'; others
will come in with 'consultants'. I'm pretty deep in the weeds in this one.

My 2c: 1) Get a great data protection officer early. They set the roadmap.
Can't afford one? You can outsource it (<shameless plug>dataprotectors.eu
</plug> and a few others provide the service). Make sure he/she is certified
by a competent body.

2) Your DPO must know BOTH techie stuff, and law and your core business.

3) Your DPO reports to the board, and has very strong powers legally. Choose
them well.

4) They have to sign off on the vast majority of things you do (so get one who
understands your business).

5) No GDPR compliance can shut you down in Europe pretty quickly (from a sales
perspective) and be a massive distraction. Fix it early.

Bad or no DPO = GDPR fail.

