GDPR is coming. On May 25th, the EU-wide data protection regulation becomes enforceable by law. Ignoring it is not an option, nor is taking a half-hearted approach to its rules.
Aligning your data protection policies with the GDPR does more than simply shield your business from massive fines. It will give compliant companies a competitive edge and protect reputations. It also presents an opportunity to consolidate data into a unified platform, making it more effective to manage. This results in data becoming more efficient and customer-centric. Enhancing data protection as per GDPR guidelines is also the right thing to do from an ethical standpoint.
To help organisations think about where they are with their move towards GDPR compliance, we list 12 general questions for you to think about:
1. Have you reviewed the necessary company policies? (Data Protection Policy, Breach Incident & Notification Policy, Information Security Policy)
2. What procedures do you have in place to protect privacy and ensure secure processing? (e.g. back-ups, encryption, access control, etc.)
3. Have you identified the necessary communications and audience (customer, partner, prospect) that will need to receive them?
4. Have you mapped touch points and content across your website and other online platforms that will require amending in line with GDPR compliance?
5. What will your data processing activities consist of?
6. What procedures do you have in place to establish consent and manage information disclosures?
7. What do you have in place to ensure data subject rights are protected?
8. How are you going to manage the sharing and transferring of data with third parties?
9. Have you organised GDPR training for staff and do you know what this training must cover?
10. How do you plan to manage and audit data protection to ensure it remains GDPR compliant?
11. What procedures will you have in place in the event of a data breach?
12. Have you completed a Data Impact Assessment ahead of GDPR becoming enforceable?