On 25 May 2018 GDPR will be enforced. Failing to comply with GDPR can result in fines of up to €20 million or 4% of your global annual turnover, whichever is greater. There are 12 simple steps you can take now to best prepare for GDPR.

Those within your organisation who make the key decisions will need to be aware of the changes GDPR brings. It is important that they understand the impact their decisions could have.
2. Information you hold
Document all personal data that you hold, where it came from and with whom you share it.
3. Communicating privacy information
Review your privacy notices and plan ahead for how you will make any changes needed for GDPR.
4. Individuals’ rights
Check the procedures you have in place to make sure they cover all the rights an individual has. This includes aspects such as how you would delete personal data.
5. Subject access requests
Update all necessary procedures and create a plan for how you will handle requests and provide any information, taking into consideration the new timescales.
6. Lawful basis for processing personal data
Clearly identify the lawful basis for your processing activity. This should be documented, and privacy notices should be updated to explain it.
Review how you seek, record and manage consent, and whether there are any changes you will need to make. Any existing consents that do not meet GDPR standards must be refreshed.

You may need to put systems in place to verify the ages of individuals and to obtain parental or guardian consent before processing their data.
9. Data breaches
It is vital to have the correct procedures in place to detect, report and investigate any data breach efficiently and effectively.
10. Data Protection by Design and Data Protection Impact Assessments
GDPR makes this a legal requirement, so you should familiarise yourself with the code of practice on this matter.
11. Data Protection Officers
You will need to designate someone to be responsible for data protection compliance. As this is a new role, you will also need to decide where it fits within your organisation’s structure and governance arrangements.
Does your organisation operate in more than one EU country? If so, you will need to determine which supervisory authority is your lead data protection supervisory authority; this is usually the one where your headquarters, your main establishment, is located. Map where your organisation makes its most important decisions about processing activities.