Dos and Don’ts of GDPR Compliance
May 25, 2018, which is the critically important deadline for General Data Protection Regulation (GDPR) compliance, looms on the horizon and the minds of business leaders around the world.
Have you started your company’s GDPR compliance fulfillment project and need to double-check your progress or results? Or maybe you have fallen a little behind in progress and could use some help in sorting it all out by the deadline.
Review Our List of GDPR Compliance Dos and Don’ts To Boost Your Confidence
Whether you are your company’s Data Protection Officer (DPO), IT leader or a CIO, you know the stakes involved when it comes to GDPR compliance. The reason for your keen attention to this mission is at least twofold:
- The protection of your European customers’ confidential data as you collect, process, store or transmit it.
- The importance of avoiding any penalties, which can reach a €20 million fine or four percent of your company’s annual global turnover for the previous year, whichever is greater.
As you lead your organization to full GDPR compliance, it may help for you to review a basic list of dos and don’ts to make sure you and your dedicated GDPR compliance team are on track for success.
Get Started with the Don’ts
Don’t panic or let yourself feel overwhelmed. The scope and consequences of non-compliance are daunting, to be sure, but there is no need to let it engulf you and your team in chaos. Just as importantly, don’t go into a state of denial or intensive procrastination. Mandatory GDPR compliance is serious business, and you do not want to deal with the consequences of non-compliance.
Don’t compartmentalize GDPR. Instead of looking at it as simply a data security issue, look at GDPR as a way to make your entire business run better. Every step that you and your GDPR team take toward compliance should focus on the global internal benefits to your entire business.
Don’t forget that GDPR is more than a series of boxes to check off your compliance list. Each day, the world becomes more digitally focused. Our global online economy places us right in the middle of a monumental digital transformation that stands to impact consumers from all around the world. This regulation will help your team continue adapting to the digital nature of global commerce as more nations are likely to follow suit in their own way.
Don’t assume that any software and other technological products will ensure GDPR compliance. Products geared toward providing detailed information, guidance and training can only take you so far. You will need to manually check everything since so much is on the line.
Start Chipping Away at the Many Dos
Do make sure that your decision-makers, staff, internal stakeholders and any other vested parties understand what GDPR is and why it is so important to the security of your customers and the success of your business.
Do hire an auditing firm that can help you navigate the many requirements associated with the GDPR. This takes some of the weight off your—and your busy IT team’s—shoulders, helps ensure full compliance and adds a measure of confidence, thanks to professionals who have dutifully and thoroughly gone through all the details of the GDPR and are eager to share their knowledge and experience to help you.
Do understand that, once you understand all the requirements, fulfilling your obligations isn’t so difficult. What’s more, it will lead your organization to a state of greater overall data security.
Do document all the personal data that your organization holds, as well as where it came from and with whom, or what other entities, you have shared it.
Do review your organization’s current privacy notices, and launch a plan to make any necessary changes to meet the GDPR implementation deadline.
Do make sure you have good risk management since a risk-based approach is critical for any data security plan.
Do designate or hire a DPO, if you are not the DPO and have not already filled this crucial position, to take responsibility for data protection compliance. Determine where this key staff member’s role fits within your organization’s structure and your governance arrangements. Your DPO may work in other capacities within your organization, but those duties cannot be incompatible with their DPO functions. Finally, you may consider enlisting the services of an external service provider—such as a legal representative or a CPA—on a contracting basis.
Do consider any potential cross-border processing, which occurs when your organization operates in more than one of the 28 EU member states.
Do think about whether you need to implement changes to verify individuals’ ages and obtain parental consent to ensure the respective compliance with children’s protective requirements.
Do make sure that your team understands the need for strong communication, particularly when it comes to data breaches and providing appropriate notification to customers.
Are You Ready for GDPR Compliance?
There is so much to do to prepare for the GDPR, but you do not have to face it alone, while trying to juggle a full roster of daily duties. Our GDPR team at I.S. Partners, LLC. is ready to help busy IT leaders and DPOs prepare to protect your valued EU consumers’ vital data and to protect you from stiff fines and certain restrictions associated with non-compliance.