By now everyone is aware that, four years ago, the European Commission published a data protection package to reform, modernize and harmonize European data protection law. It was finally approved by the European Parliament on April 14, 2016, and replaces the 1995 Data Protection Directive and, in the UK, supersedes the 1998 Data Protection Act.
GDPR takes effect on May 25, 2018. Organizations need to consider carefully the changes required to be compliant before that date. The main areas are communication, consent, privacy by design, maintaining a full audit trail, international data transfers (data exports) and the new obligations placed directly on data processors.
Waiting until the last minute is not an option. Celergo has presented several webinars explaining the actions required; the reference below lists ten steps you can take to prepare.
Get Prepared in 10 Steps
Communicate GDPR impact
Communicate to all decision makers and key stakeholders that the law is changing to GDPR, and the impact it will have.
Document personal information
What personal information do you hold? Start now and document what personal information you hold, where it came from, where it is stored and who you share it with.
Update privacy information
Review your current privacy notices and put a plan in place for making any changes that GDPR requires.
Create data protection plan
How will you ensure individuals' rights are protected? How will you delete personal data when asked to, or provide it electronically in a commonly used format? Take the time now to create a plan and a process for protecting the data you hold.
Plan for handling requests
Update your policies and procedures and determine how you will handle requests from individuals under the new rules.
Update privacy notices
Update your privacy notices to explain how your organization processes personal data under GDPR and what that means for the individuals concerned.
Review consents
Analyze how you seek, record and manage consent to determine whether you need to make substantial changes. Review existing consents now to make sure they meet the GDPR standard.
Detect data breaches
Ensure you have the correct procedures in place to detect, report and investigate a personal data breach. GDPR requires notifiable breaches to be reported to the supervisory authority within 72 hours of becoming aware of them, so the procedure must include clear escalation paths. Be ready for escalations!
Designate Data Protection Officers (DPO)
Determine if you are required to designate a Data Protection Officer (DPO). It’s best practice to designate someone to take responsibility for data protection compliance, structure, and governance.
Determine protection authority
If your organization operates in more than one EU member state, determine which will be your lead data protection supervisory authority (normally the authority in the member state where your main establishment is located).
The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in over 20 years. GDPR has increased awareness of EU data privacy and demands greater compliance throughout the life cycle of data, and you should expect further guidance from regulators as the effective date approaches. If you have not started the process, start today. May 25, 2018 is less than 178 days away, and the clock is ticking. Are you ready?
Disclaimer: The information contained within this portal does not in any way constitute legal advice. Any person who intends to rely upon or use the information contained herein in any way is solely responsible for independently verifying the information and obtaining independent expert advice if required.