The General Data Protection Regulation has arrived and you need to ensure that you are compliant. All businesses that retain customer information will need to be compliant with GDPR, regardless of the size of the operation. If you are found to be in breach of the regulation, you can face heavy fines, which is why you need to know what to do to ensure you are compliant.
Identify And Document The Data You Hold
If you have any dealings with people or businesses within the European Union, you will need to identify and document the data you hold. You need to look at what data you are holding and whether this data is sensitive or personal. You should also identify how the data is processed and who has access to it.
All of this information will need to be documented in detail. This initial catalogue of everything that you hold will help you determine the next steps that you have to take. It is also the minimum amount of record-keeping that you need to do in order to be compliant with GDPR.
Review Your Current Data Governance Practices
Once you have reviewed your data, you need to look at your current data governance practices and policies. You will have to ensure that these documents state the lawful basis for processing and retaining any personal data. You also need to look at areas where you can improve your handling and storage of the data. Internal records have to be kept of all the processing activities you carry out, as well as of the data tagging and classification.
You will also need to review how the data you hold flows across borders. In particular, you will have to pay attention to any practice that involves children’s data, because GDPR has strengthened the security requirements around age verification and consent when such data is processed.
Check Your Consent Procedures
Under GDPR, it will be illegal to hold any data that someone has provided without clear consent. The consent will need to be simple to understand and easy for a citizen of the EU to withdraw. This is why you need to look at the consent procedures that you currently have in place.
When you are reviewing your procedures, you will need to consider when consent is needed and how you are going to obtain it in line with GDPR. You should also consider how your records of the consent given are being kept. You need to ensure that all the records are clear and that each one offers a straightforward means of withdrawing consent.
Establish Procedures For Reporting Breaches
To comply with GDPR, you need to have a procedure in place for reporting breaches. Breaches of your data will need to be reported to the supervisory authority in your area as well as to the individuals whose data has been compromised. It is important to have this procedure in place before an incident occurs, so that this aspect of compliance runs smoothly when one does.