Organisations Still Confused About GDPR
September 26, 2018
GDPR
May 25th witnessed one of the most significant privacy and online regulation shakeups since the 1980s. Organisations are still confused about GDPR, and bewilderment as well as anxiety surround the hype and fear that led up to and followed its enactment. GDPR affects everyone globally, from Facebook and Google down to the individual online shopper.
GDPR should be viewed positively. Many businesses have taken the GDPR requirements on board in a positive manner: reaching out for help with in-house security issues, going the extra mile to protect the data they process, ensuring third-party processing companies, affiliates, suppliers and contractors are fully compliant, and reaching out to their client base to let them know that they have:
- updated their privacy and cookie policies,
- kept their data subjects entirely in the loop as to what is happening with their data and sought consent where necessary,
- carried out legitimate interest balancing exercises, and
- sought the assistance of data protection professionals where there is any doubt.
Don’t ignore GDPR
However, recent reports have highlighted that many business owners continue to bury their heads in the sand like the proverbial ostrich! Some have taken a half-hearted approach without knuckling down to grasp the full intentions of the GDPR. Sadly, when this year is out, data protection authorities will be expecting full compliance without excuse.
Most data protection authorities we have spoken to are still happy to give a guiding hand in these early days, without the strict requirements that will be expected further down the line. Ignorance will not be a defence. Rather than risking your business against the harsh penalties in force, an ideal scenario would be to invest some time, effort and budget into becoming fully compliant. After all, the GDPR is about protection rules: protecting not only the rights and privacy of your data subjects but also the reputation and security of your business.
Get an action plan together right now, start with these necessary steps toward compliance and build on them as you get a better understanding of the GDPR. We are here to help if you come across any problematic hurdles.
- Step 1. Get started. Well done you have done this already merely by being here and reading this blog!
- Step 2. Set up a team depending upon your business, but ideally, you will have a cross-function team to govern your organisation’s GDPR compliance journey.
The IT department should have a GDPR compliance leader, reporting to the directors.
It is vital that each person nominated take responsibility for GDPR compliance and draw up comprehensive policies and procedures as well as regular monitoring and reviews of internal technology processes, methods, choices and advancements.
- Step 3. Identify your data across all your servers and applications.
Conduct an in-depth data analysis to enable you to manage and govern it correctly. Locate your historical data and decide what do to with it in line with the GDPR.
To be compliant you should be in a position to respond to any data enquiry and spot any breach immediately.
- Step 4. Know where data goes. With whom do you share your data? Are they fully compliant?
Take advice if in any doubt at all, as data is the backbone of your organisation and the acute focus of the data protection authorities. Reckless data sharing or transferring with non-compliant data processing companies or third countries who are not correctly data compliant with the GDPR will get you into hot water.
There are rules in place to adhere to. Again, take advice if in any doubt at all, particularly if your business relies upon transferring data out of the EU.
- Step 5. Ensure your technology is up to date with respect to cybersecurity and malware. IT departments should be looking at the highest level of security relevant to your organisation and the data it handles.
Consider data protection tools such as encryption, pseudonymisation and data protection software, privacy by design in your technology, and rapid breach notification software. Speak to specialist data protection experts about ensuring robust technologies within your organisation.
- Step 6. Know what to do in the event of a breach. Put together policies and procedures as well as regular training for your team on what to do in the event of a data compromise incident.
Our blog “The lowdown on Data Breach Reporting” gives some great tips on what questions to ask and what immediate action to take. Most importantly, know who your local data protection authority is and have their number on speed dial!
Target GDPR compliance
Our six steps will help you with compliance and help you stay on top of your game. Burying your head in the sand and living on a hope and a prayer is not a strategy. Protecting your business by being GDPR compliant will give you an extra advantage over competitors. You are showing existing clients, potential clients, personnel, investors and stakeholders that you are a business to trust, applaud and appreciate.