GDPR stands for General Data Protection Regulation. It is a privacy and security regulation, and it is considered one of the toughest in the world. GDPR came into effect in May 2018, impacting organizations operating both within and outside the EU that collect personal data of EU citizens. Besides changing how organizations handle and process personal data, it also considerably changed how data breaches are handled in general.
Organizations caught breaching the new regulation, for example by not obtaining customer consent for data processing, can expect to be fined in the range of 20 million euros or 4% of annual global turnover.
These fines are devastating to any company; the best approach is to ensure you are GDPR compliant.
So how should you approach GDPR, and where to start?
The best way to approach GDPR is to have a practical and detailed plan. In addition, the program should be engaging enough to attract participants from the relevant functional areas of your business. Below are five suggested vital steps that will go a long way in easing your GDPR compliance journey:
Establish a data breach procedure
Ensure that you have a procedure for handling data breaches. This procedure should be kept up to date to ensure that the notification and timing requirements stated by the EU supervisory authorities are met.
Audit all personal data
Make sure you know all the personal data your organization holds, where it came from, who has access to it and where it is stored.
Update Privacy Notices
Review and update your privacy notices and make sure they are GDPR compliant.
Raise awareness within the organization
Teams need to be aware of the new legislation and understand the potential impact and the areas that require attention for compliance. This is an ongoing process to ensure your teams are trained and aware of the effects of this regulation.
Andreas Springer _Actonic_
Head of Marketing
Actonic GmbH
Germany