You should all be aware by now of the General Data Protection Regulation that is set to be put in place during May 2018. But is your business GDPR ready? If not, or if you are unsure, use this article as a checklist to see whether your company complies with the new regulations. Whether you are mailing data or emailing it, following this ABC guide will help you comply with the GDPR by May next year.
A) Identify What Needs to be Done
First and foremost: what data does your business collect and store? Was it obtained legally and fairly? Were you clear and unambiguous to the party involved about what data was being collected and what it was being used for? These are just three of the many things you must consider when analysing how your business obtained its data. It is of paramount importance that you have made the data subjects fully aware of their right to withdraw consent to the use of their information.
Furthermore, you must ensure you are not holding the data for any longer than required and that the data you are holding is up to date. Is the data you hold being kept safe and secure? The data must only be used for its intended purpose, and access to it must be limited with the use of encryption and pseudonymisation. Finally, you must identify whether you hold more sensitive data, such as data on children, as extra regulations apply to this type of information.
B) Your Plan
With your assessment of what needs to be done in your business, you must now construct a clear and well-thought-out plan to execute. This should include creating a data register: essentially a diary of the processes you have gone through to adhere to the new regulations. Failure to do this could result in your firm being fined. Secondly, you must classify your data. Identifying any personally identifiable information is of greatest importance, as it is vital you know exactly how this data is being used and that it is being stored safely and securely.
You must limit who can access this information, with the greatest level of security possible, to prevent hackers from reaching classified personal data. A breach in your security could cost your business thousands, so it is wise to ensure the risk of losing information to a hacker is minimised by upgrading your security system. Finally, you must have a system in place that makes it easy for data subjects to withdraw consent for the use of their information, as this will be legally required under the ‘right to be forgotten’.
C) Start TODAY!
In order to comply with these regulations, you should ideally have started your preparations already. However, it is not too late! There is still plenty of time left for you to ensure your business complies with the new General Data Protection Regulation. Simply start off by making a plan of action. Launch an investigation into your business to see whether or not you are GDPR ready and, if not, identify what must change. Just remember, misusing data or not following the GDPR can result in a pretty hefty fine, so make sure your business is GDPR ready!
There you have it. Remember, you have until 25th May 2018, when the GDPR takes effect, so you still have over half a year to ensure your business is ready for it. With a clear plan of action, you will find no difficulty in achieving this.