How to Get Ready for GDPR if You've Waited Until the Last Minute

With less than two months until the General Data Protection Regulations (GDPR) deadline, many companies have already started making sure that their businesses are compliant with the new GDPR rules. But what should you do if you’ve waited until the last minute?

First of all, don’t panic. GDPR is intended to improve the way that businesses interact with customers, and to make sure that everyone involved is protected. However, that doesn’t mean that GDPR isn’t serious. Large fines can be given to companies that aren’t compliant with the new rules, so it’s certainly not something to be taken lightly.

This article outlines the most important steps to take and resources available to you if you’ve waited until now to get your company up to date with GDPR. These steps explain the way that the regulations may affect you, and what you can do now to get ready for them.

Go through your records immediately.

Your records are about to become extremely important. Identify all of the personal information you have, where it came from, and who you’ve shared it with. “GDPR requires you to maintain records of your processing activities. This may mean that you’ll need to organize an information audit across the organization or within particular business areas,” says Jenny Earp, digital marketing executive and author of 12 Steps on How to Prepare for GDPR.

Within GDPR, there are certain types of data that you’ve collected that are now protected. These include (but are not limited to):

  • ID numbers
  • IP addresses
  • Cookie data
  • Health information
  • Biometric information
  • Ethnic information

It’s important to understand that the primary goals of this legislation are to improve privacy and empower user control over personal data. Reaching these goals could require significant changes which impact companies at large, regardless of the type of platform they’re using.

Once you’ve gone through your data, organize it. You need to have processes in place to provide individuals with all of their personal data in a “commonly used and machine-readable format” upon request.

Get rid of irrelevant data.
What does this mean? Under Article 5 of the new GDPR rules, you can only process personal data that you need, and you can only keep it for as long as it takes to complete the task you need it for. With GDPR, it is important to document the types of personal data you have, the categories the data falls into, why you need the data, and for how long you retain the data.

Because you’ve already organized your data when you went through your records, now is the time to document. Go through all of the personal data you’ve stored, and make sure that it’s relevant.

Address any third parties that might have collected data on your behalf.
Did you know that some of the sites you use for things like ecommerce can collect data on your behalf, and that you are liable for this data under the new GDPR regulations? Third parties are a critical concern here since the company collecting personal data is responsible for its handling and storage. As a result, businesses using WordPress must ensure that third-party plugins are compliant with GDPR. Make sure that the manufacturers of any plugins you’re using are GDPR compliant, and consult a compliance officer should you have any queries.

Update your consent policies, privacy policies, and legal agreements.

The definition of online consent is one of the biggest changes of GDPR, and the change that might have the largest effect on the way you run your business. Customers will now have to opt in to receiving marketing materials from your company, instead of having to opt out the way they do now. Aside from consent, there are other ways that you can legally keep your customers’ information. They are:

  • Contract
  • Legal obligation
  • Vital Interests
  • Public interest risk
  • Legitimate interest

“Vital” and “legitimate” interests can be a bit ambiguous so companies should be prepared for more specific guidelines regarding this type of processing after the law goes live. When possible, sticking to informed consent is a safe bet.

While you’re looking at your consent policies, take the time to update your privacy policies. Under the new GDPR policies, you’ll have to explain your reason for processing an individual’s data and how long you’ll keep the data for. Update your privacy policies and legal agreements to make sure that they reflect these changes.
 

Nominate a compliance officer.

While your company may not be legally required to have a compliance officer, it’s an excellent idea to nominate an individual to take responsibility for data compliance. Having someone looking out for GDPR-related issues can make all the difference as these new rules come into place. Your compliance officer should be well-versed in the current GDPR regulations, and willing to learn about regulation amendments as they come into practice. The compliance officer should also have a crisis plan in the event of any GDPR breaches, and will be the point of contact should a breach be reported.

Stay up to date this summer.
Many new regulations have been released, but there are more to come. For some companies that do not store data, the new regulations may not affect them very much. However, many businesses will require a complete overhaul in the way that they collect and store data. Staying ahead and listening to the conversation will ensure that you won’t fall behind with compliance.

Still concerned about how GDPR will affect your business? EUGDPR.org and GDPR for American Organizations offer more insights into preparing your business for the new regulations.  




Edited by Mandi Nowitz