Demystifying GDPR Data Compliance—5 Steps You Can Take Today
Over the past few months, we have been writing about GDPR compliance and how it will affect your organization. There are hefty fines for non-compliance, even if your organization resides in the United States, so not complying really isn’t an option. As the May 25th GDPR compliance deadline quickly approaches, the time to begin your path to compliance is now. But if you’re feeling overwhelmed by all of the requirements and aren’t sure where to start, we’re here to help. Here are 5 steps you can take today:
The first thing you need to do is discover whether your company has any EU records within your database. To do this, create queries in your database that let you see all of the EU records that you own. This will show you what types of records you have and whether it will be necessary to take any further steps.
It is important for you to document how you are managing your data. Keep a change log that tracks the ability to erase data, and define retention and deletion policies. This will ensure that once GDPR changes come into effect in May, your organization is able to tweak its processes to be GDPR compliant.
Start getting your legal stuff in order! Come up with the policy needed to notify the appropriate authorities in case of a data breach. What will your policy be for obtaining consent for processing and for keeping vendor contracts compliant? These are all things that should be considered before May.
4. Report and Communicate
You need to ensure that everyone at your organization is aware of the new policies and the GDPR compliance laws themselves. Seek consent from all key parties at your organization for the new policies that will go into effect. Lastly, provide your organization with platforms for compliance tracking. There are great tools out there to help with this issue.
Begin drafting the language you will add to your Terms and Conditions to include consent to manage people’s information. Remember, with GDPR compliance, people who give your organization personal information must give you permission to use their data.
Once you’ve completed the 5 steps, it’s time to address any functionality gaps. Give BroadPoint a call – we can help!