According to a recent Evalueserve survey, 60% of the organizations started working toward becoming GDPR-compliant, 30% are employing external partners to help them become GDPR-compliant, while the rest prefer to sort out any challenges internally.
The GDPR, which comes into force on May 25, 2018, should be a top priority for all your departments if your company has operations in the EU. You might think that improving privacy protection and data security are only for your IT department, but actually you will have to make changes in processes among your HR, Marketing, Finance, or any department that works with data collected from EU citizens.
What information can data subjects obtain from your company?
Individuals’ rights pose the biggest challenge among companies, according to the Evalueserve survey. Under the GDPR, EU citizens have the right to know how their data is being used, and your company must ensure transparency of information such as:
- The purpose of the data processing
- The data you use during this process
- If there is any third party that can access the data
- The source of the personal data that was not collected from the data subject
- If the data is used for profiling or other automated systems
How is data storage done and who can access your database?
You need to document all the data you collect and process, including origin of the data, the storage period, and if the contacts are aware of the purpose. Also, if you manage several systems, you must integrate them to avoid data breaches. Of course, it would be easier to store all your data in one place, so you could consider using a platform that helps you organize and centralize data.
How are data notifications given?
The GDPR requires you to provide information to EU citizens, if they request it, in a "concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child.”
How do you train your employees?
As mentioned earlier, all your departments have to understand what GDPR is and their role in helping the company become compliant. Organize training sessions and evaluate the teams' compliance status. If such efforts haven’t started yet, they should as soon as possible to ensure your entire company is GDPR-ready.
How easy is it to adapt and scale systems to the new regulations?
Being GDPR-complaint will be one of the biggest challenges until May 25, 2018, but also after it comes into effect because EU legislators will continue to make changes. This is why you should be in proactive in scaling your current system and preparing your teams to adapt. Technology might cause you a lot of trouble, but it also provides you a lot of help when you choose the right solution. You know you found the right platform when you can ensure transparency and compliance, and can process the increasing requests from data subjects.
No matter the size of the company, becoming GDPR-compliant is hard, but everybody can start with small steps as long as they start taking them now. Also, you might need the help of an external team that specializes in GDPR matters or hire a Data Protection Officer to help you and your teams get the job done before May 25, 2018, and keep up with the updates afterward.