As of May 25, 2018, wherever you are in the world, if you do business in the European Union or handle the personal data of people in the EU, the European General Data Protection Regulation (GDPR) changes the way you must manage that data. With fines for non-compliance of up to 4% of worldwide annual turnover (or €20 million, whichever is higher), companies cannot afford to ignore the GDPR.
Celergo has presented several webinars explaining the actions required; the reference tool below summarizes ten steps to operationalize GDPR.
10 Steps to Operationalize GDPR
Communicate GDPR impact
Communicate the requirements of the new GDPR law to all decision makers and key stakeholders.
Document personal information
What personal information do you hold? Start now and document what personal information you hold, where it came from and who you share it with.
Update privacy information
Review your current privacy notices and put a plan in place for any changes the GDPR requires before you implement it.
Create data protection plan
How will you ensure individuals' rights are protected? How will you delete personal data on request, or provide it electronically in a commonly used, machine-readable format? Take time to create a plan and a process for upholding each of these rights.
Plan for handling requests
Update your policies and procedures and determine how you will handle individuals' requests under the new rules; subject access requests, for example, must normally be answered within one month.
Update privacy notices
Update your privacy notices so they explain how your organization processes personal data and how that processing meets the GDPR's requirements.
Review consents
Analyze how you seek, record and manage consent to determine whether you need to make any substantial changes. Review existing consents now to make sure they meet the GDPR standard.
Detect data breaches
Ensure you have the correct procedures in place to detect, report, and investigate a personal data breach. Notifiable breaches must be reported to the supervisory authority within 72 hours of becoming aware of them, so be ready for escalations.
Designate Data Protection Officers (DPO)
Determine whether you are required to designate a Data Protection Officer (DPO); this is mandatory for public authorities and for organizations whose core activities involve large-scale monitoring of individuals or large-scale processing of special categories of data. Even where it is not required, it is best practice to designate someone to take responsibility for data protection compliance, structure, and governance.
Determine protection authority
If your organization operates in more than one EU member state, determine which one will be your lead supervisory authority.
The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation since the 1995 Data Protection Directive it replaces. GDPR has raised awareness of EU data privacy and demands compliance throughout the entire life-cycle of data. Are you ready?
Disclaimer: The information contained within this portal does not in any way constitute legal advice. Any person who intends to rely upon or use the information contained herein in any way is solely responsible for independently verifying the information and obtaining independent expert advice if required.