As we mentioned in a previous post, you have less than one year to make sure your business is compliant with the new General Data Protection Regulation (GDPR). The GDPR is designed to give individuals better privacy and stronger protection for their personal data. Have you been stepping up your efforts to comply? Organisations face very hefty fines for non-compliance: up to €20 million or 4% of annual worldwide turnover, whichever is higher. Starting a compliance project is no easy task. To ensure you are ready for the GDPR, here are some essential topics you need to wrap your head around at the beginning of your compliance project.
- Your data
Data management is the first step in your GDPR compliance project. Do you know what types of personal data your company holds, and how your business uses them? Personal data is any information relating to an identified or identifiable natural person. The GDPR exists to protect the personal data of people in the EU. Data that cannot be linked to a person, directly or indirectly, is anonymous and falls outside the regulation; pseudonymised data (for example, records keyed by a customer ID that you can still resolve to a name) is still personal data. Note that the GDPR's reach is defined by where you are established and whom you target, not by the data subject's residency: it applies to any organisation established in the EU, and to organisations outside the EU that offer goods or services to, or monitor the behaviour of, people in the EU. Every processing activity needs a lawful basis. Consent is one of them, but so are performance of a contract, a legal obligation and legitimate interests; where you rely on consent, it must be freely given, specific, informed and unambiguous, and you must be able to demonstrate that you obtained it. Whatever the basis, you have to tell individuals what data you collect and how it is used.
- The roles in the company
Are you a controller or a processor? Once you have clarified your data, you need to clarify your role. A controller determines the purposes and means of the processing, whereas a processor processes personal data on behalf of the controller. It is very important to know your role, whether you are a controller, a processor, or both (many companies are a controller for their own employee and customer data and a processor for their clients' data), because this determines your responsibilities under the GDPR. Controllers carry most of the duties: a controller may only use processors that provide sufficient guarantees, and must bind each one with a written contract covering the matters listed in Article 28. Unlike under the previous Directive, processors now have direct obligations of their own, including keeping records of their processing, securing the data, notifying the controller of breaches without undue delay, and engaging sub-processors only with the controller's authorisation.
- Who to involve
Since this isn't something you can do on your own, you need to decide whom you are going to involve in the project and what their tasks will be. These can be people within your organisation or third parties. Your IT department is essential to the success of your GDPR compliance project. They can help you map how personal data flows through your organisation: where it enters, which systems and third parties it reaches, in what format it is stored, and what safeguards (access control, encryption, retention and deletion, backups) protect it. You will also need lawyers (in-house or contracted) to clarify your responsibilities based on your role in the processing. A legal team can also help you draft and review the privacy notices, consent forms and processor contracts you need to comply with the GDPR.