With GDPR on the home stretch and hurtling towards your business, you have a couple of months left to pull up your socks and straighten that tie. Companies need to prepare for full enforcement of GDPR regulations as of May 25th 2018. While the new General Data Protection Act can seem daunting at first glance, it isn’t too late to implement the changes you need to remain compliant. We’ve prepared 7 quick and easy additional tips that will have you in tip-top shape well before the GDPR rules change. Read this article on the basics of GDPR 2018 and what to expect before you continue on to these extra points. Give yourself and your customers peace of mind by taking heed of these interesting and important changes.
Tip 1: Don’t Be Afraid!
Don’t let scaremongering around the impending GDPR regulations bother you. Your industry may be bustling with talk about what you should and shouldn’t change, but this is a time to become more in control of the data you manage and store, and less unsure of where you stand if you’re hit with SARs (Subject Access Requests). Focus on embedding long-term and systematic “privacy by design” processes and policies to strengthen your organisational structure. It’s not as scary as it seems, and is actually quite a straightforward process if you tick all the right boxes. Read on to learn what the main ones are.
Tip 2: GDPR Applies to Everyone
If you’re wondering whether your company needs to change its data storage and protection practices in preparation for the new GDPR regulatory changes, the answer is YES. This new legislation is set to affect all industries regardless of the organisational functions of these businesses. If you’ve got personal data from partners, clients or employees, you’ve got to make some changes. For the first time in history, the European Commission is exporting European data protection principles globally, meaning any company that works with information relating to EU citizens will have to comply with the requirements of the GDPR. This will be the first global data protection law, and just another reason for companies to start taking data privacy more seriously.
Tip 3: Keep External Compliance Notices Together
Deal with all of your external compliance obligations in one place for ease of access and use. Your privacy notice should clearly state why you are collecting personal data, what it is, how it’s being stored and what you’re using it for. This information can be published online along with your copyright notice, which explains your position on copyright. Having all of this information in one place makes it clear and concise for your customers and partners while maximising transparency and compliance. It also means fewer inbound inquiries about your data storage and management processes for you.
Tip 4: The Definition of Personal Data
In the past, many forms of personal data were not relevant when it came to the reach of data protection law. As a broad term, personal data is about to become even broader, with GDPR extending its reach significantly. The important thing to take note of here is that the new GDPR guidelines state that any information that can be used to identify an individual is now considered personal data and must be treated as such under the new regulations. For the first time, things such as genetic, mental, cultural, economic or social information will be deemed personal data and treated as such. So, if you’re unsure whether certain types of data fall under the new GDPR’s umbrella of rules and regulations, your best bet is to assume they do. From here on, very few forms of personal data will not fall under these regulations.
Tip 5: Data Breach Notification Requirements
The GDPR draws on various European data breach notification laws and is aimed at making sure companies and organisations constantly monitor for breaches of the personal data they collect and store. Organisations will be expected to alert their local data protection authority within 72 hours of becoming aware of any personal data breach. This means you’ll need to consider the technologies and processes you need in place to enable appropriate and efficient detection of, and response to, a data breach if or when it occurs.
Tip 6: Purging Data at a Subject’s Request
The GDPR introduces a very strict and documentable set of regulations to ensure personal data is always available upon request. Under the new GDPR regulations, subjects have the authority to request that their information be purged, or forgotten. If a client or partner requests that their personal data be permanently deleted, you must do so swiftly. This is considered an SAR demand and must be met in order to remain GDPR compliant. This new approach to the minimisation of data storage means that organisations will be required to expunge data as quickly as possible. That is, they can only retain information for as long as is absolutely necessary. What’s more, if organisations wish to change the way in which they use data they already possess, they must issue fresh requests for consent to subjects before implementing those changes in data usage.
Tip 7: Map Out the Path to May
Map out the next steps for your organisation to take on the road to becoming GDPR compliant in the nick of time by May 25th 2018. Create purposeful steps using short-, medium- and long-term actions, deciding which employees will take them forward and see them through to completion. Create GDPR training schedules for all staff who deal with personal data, preparing them for the on-the-job rules they must adhere to and ensuring the change is implemented as early as possible, resulting in a smooth transition. GDPR is everyone’s responsibility, and with action and engagement, your staff will be as comfortable with it as you will be.