Susy Mendoza


When the General Data Protection Regulation (GDPR) came into effect in May of 2018, many legal departments were confronted with the gravity of just how they were going to comply with such a wide-reaching law. If you have international customers (whether direct to consumer or business to business), it is not hard to convince your general counsel that compliance with the GDPR is a must. You may even be able to get the chief technical officer (CTO) or chief operating officer (COO) on board just by mentioning the steep fines: two to four percent of worldwide gross revenue. But how do the compliance message and method then trickle down to database administrators, product managers, software engineers, and enterprise architects? It takes a village to move the needle on regulatory compliance at any scale and to reach the level of operational readiness companies strive for. In this Article I will chronicle what I have seen as building blocks in helping companies prepare for and execute on privacy initiatives.