What's your GDPR state of the world?

[David Curry <david.curry () NEWSCHOOL EDU>]

As a university with a relatively small general counsel's office, we have
been using an outside legal firm to help us with GDPR compliance. As I was
commiserating with counsel last week about the costs of these services, we
started wondering, now that some of the "urgency dust" has settled, what
other universities in our situation have been doing in this regard.

And so, a short little survey about GDPR compliance efforts:

   1. What tasks has your organization completed so far?
   2. What tasks are you currently working on?
   3. What tasks have you decided to postpone (for whatever reason)?
   4. Do you have an internal team/committee working on GDPR? If so, what
   business units are represented? Or is it all being handled by just one
   person/department (e.g., counsel's office, IT security)? And if that, who?
   5. Have you hired outside GDPR consulting services? If so, what did you
   use them for? And what type of company was it (law firm, IT consulting
   firm, other)?

Please respond to me privately (or share to the list if you want). I'll
assemble all the responses together anonymously and post them here in a
week or so.

[Forgive the cross-posting; earlier GDPR discussions were split between the
SECURITY and PRIVACY lists.]

Thanks,
--Dave



--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.curry () newschool edu

[image: The New School]