30 Nov General Data Protection Regulation (GDPR) is “Ante Portas”. Are you ready?
The General Data Protection Regulation (GDPR) takes effect in May 2018 and creates challenges for every organization doing business in the EU. The fines are set very high, so organizations need to tune their antennas accordingly.
Are you ready?
The following ten practical tips may help you identify how close you are to compliance and take any necessary steps in time:
1. Make sure you fully understand why you collect and hold data, as the GDPR requires you to give individuals explicit information explaining how their data will be used. Only if you fully understand why you collected the data and why you hold it in the first place can you comply with this requirement to explain.
2. Stop collecting data, or at least determine what changes you need to make to your data collection and storage.
3. Make sure all your privacy notices are updated according to GDPR requirements.
4. Make sure that everybody in your organization understands that IP addresses and other online identifiers are personal data, and that GDPR requirements consequently apply to them.
5. Make sure you have recently reviewed your consent practices to bring them in line with GDPR requirements.
6. Make sure all your staff have been trained and are aware of the key changes, such as no longer being able to charge a fee for responding to subject access requests.
7. Assess how long you need to retain data and how you store and secure it. Make sure you don’t keep data longer than necessary, and double-check that you keep it secure.
8. Amend all your data contracts. Even if they comply with current law, the GDPR introduces additional requirements that you need to comply with.
9. Check with your suppliers (especially those outside the EEA), as additional requirements have been introduced for the use of data service providers outside Europe, and your suppliers should be aware of these changes by now.
10. The GDPR introduces the concept of “accountability”, which means that organizations need to provide evidence of the actions they have taken to comply with the new legislation. So do keep records of your preparatory actions for GDPR compliance; you might be asked for them.
The GDPR is new, and organizations will have to be on constant alert to make sure that their policies and practices remain aligned with the refinements and clarifications of the regulation.
No matter what stage your organization is at, you need to make sure you have the right partner to guide you through the process and help you become compliant by May 2018.