The General Data Protection Regulation (GDPR) - A topic which people are either worried about or are just burying their heads in the sand about, but like it or not GDPR is here to stay.
Here at Assured DP we have been taking compliance and implementation very seriously (as a company who protects data certainly should!) and we understand it is difficult to know where to start for any business, but as a business it's no use burying your head in the sand!
As the deadline looms we are still seeing worrying statistics about business being unprepared or worse have still done nothing at all. With this in mind we've put together a guide with 7 steps to take now (if you haven't already!) of things we've come across along the way which may help.
1. Appoint someone to co-ordinate the process
A Co-ordinator can gain an understanding of what your company needs to do. GDPR isn't just an IT department issue, it will affect all departments. Ideally getting a team of delegates on board (be it big or small, depending on your company size) from each department of the business can be helpful. The Co-ordinator can then guide the departmental delegates on the procedures.
2. Read the GDPR chapters and articles in full
We appreciate this will be a bit of a long-winded task but so important. The articles are not written using too much jargon so are fairly easy to get your head around. It also helps for a few people in the business to do this gain the best understanding possible. Find the chapters and full articles here.
3. Discuss with directors and senior management
Your directors and senior management team need to be aware of the implications non-compliance will have on the business. Getting them on board with understanding GDPR is critical to your success as you may need financial input to achieve compliance which may be less costly than facing the penalty fines -Prevention is better than the cure!
4. Understand the Data Controller and Data Processor roles
These roles will change considerably from currently legislation. Understanding the difference between the two roles and any Sub-Processor roles plus the contracts and procedures that need to be in place between them is important for the 'Security and Processing of Data' chapter. Read more here.
5. Look at your data security
From who will come into contact with the data to encryption and also recovery, it may mean your current systems and processes need updating or changing - a step to take fairly quickly with just over 2 months to go. Read about security of processing here.
6. Understand 'The right to be forgotten'
A very important step to get right for compliance. If a customer asks for any personal data you hold for them to be deleted, you must be able to eradicate this without any trace and be able to provide proof to the individual that this has been carried out. You need to make sure your systems have the technology in place to make this possible. Read more here.
This is a great way to demonstrate your commitment as a business to compliance for GDPR. It also demonstrates to consumers that you take the security of personal data seriously which builds trust between you, your current and potential customers.
We hope you have found this quick guide useful! Again, these are just some steps you can take now and are by no means designed to be a comprehensive GDPR guide but hopefully helpful in your journey for getting ready for the 25th May. If you would like to find out more about how data management solutions from Assured DP can help with GDPR please contact a member of our team here or read our White Paper to discover more.
The above article is the opinion of Assured Data Protection Ltd only and is not designed to be used as legal guidance for GDPR compliance. Assured Data Protection take no responsibility for actions taken as a result of reading this article.