The General Data Protection Regulation (also known as GDPR), which came into effect on the 25th of May 2018, sets new standards for handling data. Here are some steps we recommend:
- Awareness. Make sure you and every other decision-maker or influencer in your company are aware of what exactly is going to change.
- Information audit. Check what personal data you hold, which sources it comes from and of course whom it is shared with.
- Privacy notices. Review your current privacy notices and think over how they should be modified to comply with GDPR.
- Individuals’ rights. Check your procedures, especially if you can delete personal data upon request.
- Requests. Make sure your procedures allow you to effectively accept requests from users.
- Documentation. Update your legal basis and make sure your documents comply with it.
- Consent. Review and check how you seek consent from new users. Check if it complies with GDPR.
- Children. If needed, make sure you can qualify your users by age and seek parental consent when needed.
- Breaches. Check if you have procedures in place to investigate a data breach if one happens.
- Data protection. Make sure your data is backed up properly, including shared documents, emails and SharePoint sites.
- Data protection officers. Appoint someone who’ll be in charge of communicating with them.
- EU. If you operate in more than one member state, check our Article 29 once again.
- Back up everything, including your G Suite and Office 365 with all emails, documents and sites.
To sum up, proper GDPR compliance will save you money and maybe even your business, so at least consider checking the list above.