Demystifying GDPR Data Compliance—5 Steps You Can Take Today


Over the past few months, we have been writing about GDPR compliance and how it will affect your organization. There are hefty fines for non-compliance, even if your organization resides in the United States, so not complying really isn’t an option. As the May 25th GDPR compliance deadline quickly approaches, the time to begin your path to compliance is now. But if you’re feeling overwhelmed by all of the requirements and aren’t sure where to start, we’re here to help. Here are 5 steps you can take today:

1. Discover

The first thing you need to do is discover whether your company has any EU records in its database. To do this, create database queries that show all of the EU records that you own. This will show you what types of records you have and whether any further steps are necessary.

2. Maintain

It is important for you to document how you are managing your data. Keep a change log that tracks your ability to erase data, and define retention and deletion policies. This will ensure that once GDPR changes come into effect in May, your organization is able to tweak its processes to be GDPR compliant.

3. Protect

Start getting your legal stuff in order! Come up with the policy needed to notify the appropriate authorities in case of a data breach. What will your policy be for obtaining consent for processing and for keeping vendor contracts compliant? These are all things that should be considered before May.

4. Report and Communicate

You need to ensure that everyone at your organization is aware of the new policies and the GDPR compliance laws themselves.  Seek consent from all key parties at your organization for the new policies that will go into effect.  Lastly, provide your organization with platforms for compliance tracking.  There are great tools out there to help with this issue.

5. Access

Begin drafting the language you will add to your Terms and Conditions to include consent to manage people’s information. Remember, with GDPR compliance, people who give your organization personal information must give you permission to use their data.

Once you’ve completed the 5 steps, it’s time to address functionality gaps. Give BroadPoint a call – we can help!

For additional information on GDPR compliance, visit https://www.eugdpr.org or https://gdpr-info.eu

 

Ricardo Garcia-Villegas

GDPR, ERP, CRM