On the 25th of May 2018, the General Data Protection Regulation (GDPR) will become part of EU law. Only 67% of companies in the Technology, Media & Telecommunications sector are ready for GDPR, according to a survey carried out by CFO Survey in 2017. This new law will strengthen and unify data protection for all individuals within the EU, and also for those who handle personal data outside the EU. It's important that organisations that fit these criteria are aware of the new regulations and have processes in place that comply with them.
So, if you're reading this, there's a good chance that you are preparing for GDPR! What should you consider to ensure your business is GDPR compliant?
1. Acknowledgment: Make sure that you are acknowledging that GDPR is happening and make your employees (especially those that will be directly or indirectly involved in data protection) aware of the regulations from the very beginning.
2. Accountability: You need to make a record of all your data and examine it.
4. Data Controller / Data Protection Officer: You may need to appoint a data controller and data-protection officer (DPO) to deal with any interactions regarding consent.
5. Legal Ground: It is also very important to have legal ground established and understood when processing personal data. This can be made easier by only storing data that is essential.
6. Detecting a Breach: Make sure you have the correct procedures in place to detect a data breach. A breach in personal data must be reported to the supervisory authority within 72 hours of occurring.
By defining and implementing processes around the key areas above, you will be on your way to being ready for GDPR. Here at Nathean, we have been working hard to ensure that we have followed these steps in preparation for GDPR, and we will continue to ensure data privacy for all our data subjects by following these guidelines. If you would like to know more about GDPR, we have a brochure that is available to download. Just click on the button below!