With less than two months until the General Data Protection Regulations (GDPR) deadline, many companies have already started making sure that their businesses are compliant with the new GDPR rules. But, what should you do if you’ve waited until the last minute?
First of all, don’t panic. GDPR is intended to improve the way that businesses interact with customers, and to make sure that everyone involved is protected. However, that doesn’t mean that GDPR isn’t serious. Large fines can be given to companies that aren’t compliant with the new rules, so it’s certainly not something to be taken lightly.
This article outlines the most important steps to take and resources available to you if you’ve waited until now to get your company up to date with GDPR. These steps explain the way that the regulations may affect you, and what you can do now to get ready for them.
Go through your records immediately.
Your records are about to become extremely important. Identify all of the personal information you have, where it came from, and who you’ve shared it with. “GDPR requires you to maintain records of your processing activities. This may mean that you’ll need to organize an information audit across the organization or within particular business areas,” says Jenny Earp, digital marketing executive and author of “12 Steps on How to Prepare for GDPR.” Within GDPR, there are certain types of data that you’ve collected that are now protected. These include (but are not limited to):
It’s important to understand that the primary goals of this legislation are to improve privacy and empower user control over personal data. Reaching these goals could require significant changes which impact companies at large, regardless of the type of platform they’re using.
Once you’ve gone through your data, organize it. You need to have processes in place to provide individuals all personal data in a “commonly used and machine-readable format” upon request.
Get rid of irrelevant data.
What does this mean? Under Article 5 of the new GDPR rules, you can only process personal data that you need, and you can only keep it for as long as it takes to complete the task you need it for. With GDPR, it is important to document the types of personal data you have, the categories the data falls into, why you need the data, and for how long you retain the data.
Because you’ve already organized your data when you went through your records, now is the time to document. Go through all of the personal data you’ve stored, and make sure that it’s relevant.
Address any third-parties that might have collected data on your behalf.
Did you know that some of the sites you use for things like ecommerce can collect data on your behalf, and that you are liable for this data under the new GDPR regulations? Third parties are a critical concern here since the company collecting personal data is responsible for its handling and storage. As a result, businesses using WordPress must ensure that third-party plugins are compliant with GDPR. Make sure that the manufacturers of any plugins you’re using are GDPR compliant, and consult a compliance officer should you have any queries.
Update your consent policies, privacy policies, and legal agreements.
The definition of online consent is one of the biggest changes of GDPR, and the change that might have the largest effect on the way you run your business. Customers will now have to opt-in to receiving marketing materials from your company, instead of having to opt-out the way they do now. Aside from consent, there are other ways that you can legally keep your customers’ information. They are:
“Vital” and “legitimate” interests can be a bit ambiguous so companies should be prepared for more specific guidelines regarding this type of processing after the law goes live. When possible, sticking to informed consent is a safe bet.
While you’re looking at your consent policies, take the time to update your privacy policies. Under the new GDPR policies, you’ll have to explain your reason for processing an individual’s data and how long you’ll keep the data for. Update your privacy policies and legal agreements to make sure that they reflect these changes.
Nominate a compliance officer.
While your company may not be legally required to have a compliance officer, it’s an excellent idea to nominate an individual to take responsibility for data compliance. Having someone looking out for GDPR related issues can make all the difference as these new rules come into place. Your compliance officer should be well-versed in the current GDPR regulations, and willing to learn about regulation amendments as they come into practice. The compliance officer should also have a crisis plan in the event of any GDPR breaches, and will be the point to contact should a breach be reported.
Stay up to date this summer.
Many new regulations have been released, but there are more to come. For some companies that do not store data, the new regulations may not affect them very much. However, many businesses will require a complete overhaul in the way that they collect and store data. Staying ahead and listening to the conversation will ensure that you won’t fall behind with compliance.
Still concerned about how GDPR will affect your business? EUGDPR.org and GDPR for American Organizations offer more insights into preparing your business for the new regulations.
The World Earth Day agenda offers a chance to flip the rationale for cloud adoption and highlight environmental benefits that the technology brings pr…
James Cham, partner at seed fund Bloomberg BETA, was at Cisco Collaboration Summit today talking about the importance of models to the future of machi…
The retail value chain is in for a blockchain-enabled overhaul, with smarter relationships, delivering enhanced transparency across an environment of …
With GDPR on the horizon, Zuckerberg in Congress testifying and Facebook users questioning loyalty, change is coming. What that change will look like,…
Organizations amass profuse amounts of data these days, ranging from website traffic metrics to online customer surveys. Collectively, AI, IoT and eve…