The European Union's General Data Protection Regulation (GDPR) came into effect on 25th May 2018. Although some companies have stated that they are ready to comply with the GDPR, the fact is that most of them are overconfident about their readiness. The most important point is to consider all the provisions of the GDPR and understand your own role under it clearly, since it affects both controllers and processors of data.
We have compiled a complete checklist to help you understand the compliance requirements and to prepare your company for the forthcoming changes.
- To begin with, research the GDPR thoroughly to see the impact it will have on your organization. Go through the legislation and other related articles.
- Understand all of this information before you apply the law to your organization. If anything is unclear, it is recommended to consult a lawyer, who will be able to give you a better understanding of the regulation.
- Once you are familiar with the GDPR, share it with the key people in your organization, making sure that they will comply with it.
- Under the GDPR you need to appoint a Data Protection Officer (DPO); this is required in particular for government agencies, data processing organizations and healthcare companies. You can also appoint a DPO voluntarily for GDPR compliance.
- Form a GDPR compliance team, making sure to include one person from each department. This team should be responsible for evaluating current data policies, making the necessary changes when required, and passing important information on to their divisions.
- Conduct an audit to see what types of data are collected, how they are protected and how long they are stored. You have to examine how data is obtained, the purpose for which it is collected and whether it is kept secure.
- The GDPR specifies that not all data is equal. Sensitive personal data, genetic data and children's data need special protection.
- Under the GDPR you have to make sure that the data you share is protected. In fact, all companies that you are in contact with should also be GDPR compliant.
- Explicit and unambiguous privacy and consent notices are required of companies under the new regulation. Check the language of your notices and make changes if required so that they are easily understood.
Organization of Data
- For GDPR compliance you are required to develop a data map to understand how your company handles the data it has collected. The compliance team can create a flowchart or spreadsheet showing the source of the data; how it is processed, stored, secured and used by the different departments; and how and when it is disposed of.
- After this, identify the problematic areas and use the GDPR requirements to specify the policies or procedures that need to be changed.
Implementing GDPR Policies
- Make sure that all changes in your company are turned into easy-to-follow policies and procedures.
- All employees who handle personal data should be trained in accordance with GDPR standards.
Review & Reassess
Achieving GDPR compliance does not mean the end of your work. It is not a one-time process. Your company needs to remain constantly observant: all procedures have to be reviewed regularly and the necessary adjustments made to ensure that your company still remains compliant with the GDPR. New data protection regulations need constant and continuous effort and oversight.