The General Data Protection Regulation (GDPR) comes into force on 25th May 2018. With significant fines of up to 4% of annual global turnover for non-compliance, it’s definitely better to be proactive rather than reactive with this one.
The last thing you want is to be one of the first companies found to be non-compliant with the GDPR. As well as the monetary loss, this is likely to be newsworthy and therefore crippling to the company’s reputation. So, what steps can you take to prepare?
Step 1. Create Awareness
Make sure the relevant people in your organisation, such as policy makers, understand the rules and implications of GDPR and the necessity for full compliance.
Step 2. Review
Review and document all data processing activities and security processes within your company. This means a full data audit. Be sure to identify the ‘what’, ‘why’, ‘when’ and ‘where’ of the data you hold: what personal data you process, why you process it, when it was collected and how long it is retained, and where it is stored and transferred.
Step 3. Assess the risks
When a new or existing data processing activity is likely to involve a high security risk, a ‘Privacy Impact Assessment’ is required to identify and mitigate that risk.
Step 4. Identify needed measures
Identify what measures need to be taken regarding the current data processes and plan for any changes needed to achieve compliance.
Step 5. Identify key partners
Identify your joint controllers, processors and sub-processors, and work with them to create documented instructions on how data should be handled.
Step 6. Review contracts and policies
Review existing contracts and privacy policies and amend them where needed.
Step 7. Appoint a DPO
If you have over 250 employees, you will need to appoint a qualified data protection officer.
Step 8. Consider a one-stop-shop option
Are you operating or processing data in multiple EU member states? If so, consider your one-stop-shop options to achieve a uniform level of compliance across all of them.
Step 9. Inform and enforce
Inform third parties of the changes to your policies, terms and conditions and contracts, and enforce them.
How can we help?
We can assess your readiness for the new legislation with a GDPR Health Check. This can be carried out as a standalone service, or in conjunction with an existing ISO certification.
GDPR Health Check breakdown
What you’ll receive:
- One of our expert auditors will visit your place of work and conduct a GDPR assessment.
- Access to our unique GDPR action plan.
- A detailed report that highlights the gaps that need to be addressed to achieve compliance with GDPR.
- Strengthened customer trust, by demonstrating that you take risks to personal data seriously.
- Mitigation against costly fines and damage to reputation.