The GDPR deadline is just days away, and no organization that collects personal data is exempt from its new rules. As the deadline approaches, it’s a good idea to run through your checklist, and to compare it to another compliance checklist to make sure that you haven’t left anything out. This is not something to take lightly, as failure to comply could result in damage to your company’s reputation, its relationship with its customers, and, ultimately, its finances. Assessing your plan and getting help where needed will ensure that you can get a framework in place for data protection.
Comprehensive Data List
When speaking about being able to manage your data, it’s first important to understand your data. You should have a list of the personal data points that you have collected, where the data comes from, how you use and share that data, and the age of that data.
If your company uses consent forms, those need to be reviewed and updated so that users have clear control of their data and how it is going to be used. Under GDPR, it’s important for people to be able to say “no” just as easily as they can say “yes.”
Future Data Management
Beyond the May 25, 2018 GDPR deadline, you’ll have to continue to manage your data in a compliant way. You need to assess if you already have someone in-house that can do that job, if you need to hire someone for that job, or if you need to get help from a third party to manage your data moving forward.
Has everyone and anyone that touches your data or makes decisions about your data been informed of the GDPR measures taking effect, and received internal communications about how your company is implementing the changes and how you’ll proceed moving forward? It sounds tedious, but you’ll want to make sure all your SOPs have been updated to cover your new policies, to define the purpose for your data, and to review who and how access is gratned to that data.
Have you laid out new company procedures for communicating data breaches, performing data audits, and handling customer inquiries and request to be forgotten?
If you have contracts with other companies, make sure those partners are aware of your policy updates, and also ensure that they have updated their policies to be compliant with GDPR. Update any and all contracts and get each company involved to sign the addendum.
There are special categories of personal data, including that of children, anything genetic, and employees. Be sure to double check the GDPR standards for this information so that your policies on collection, processing and storing are compliant. You’ll also want to keep up with any changes to GDPR, so that you can adjust and adapt as needed.
Be sure to also check out Part 1 and Part 2 of our GDPR series if you haven’t already!
DISCLAIMER: This website is neither a magnum opus on EU data privacy nor legal advice for your company to use in complying with EU data privacy laws like the GDPR. Instead, it provides background information to help you better understand how Digital Style has addressed some important legal points. This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy. In a nutshell, you may not rely on this paper as legal advice, nor as a recommendation of any particular legal understanding.