How to Get Ready for GDPR if You've Waited Until the Last Minute


With less than two months until the General Data Protection Regulations (GDPR) deadline, many companies have already started making sure that their businesses are compliant with the new GDPR rules. But what should you do if you’ve waited until the last minute?

First of all, don’t panic. GDPR is intended to improve the way that businesses interact with customers, and to make sure that everyone involved is protected. However, that doesn’t mean that GDPR isn’t serious. Large fines can be given to companies that aren’t compliant with the new rules, so it’s certainly not something to be taken lightly.

This article outlines the most important steps to take and resources available to you if you’ve waited until now to get your company up to date with GDPR. These steps explain the way that the regulations may affect you, and what you can do now to get ready for them.

Go through your records immediately.

Your records are about to become extremely important. Identify all of the personal information you have, where it came from, and who you’ve shared it with. “GDPR requires you to maintain records of your processing activities. This may mean that you’ll need to organize an information audit across the organization or within particular business areas,” says Jenny Earp, digital marketing executive and author of 12 Steps on How to Prepare for GDPR.

Within GDPR, there are certain types of data that you’ve collected that are now protected. These include (but are not limited to):

  • ID numbers
  • IP addresses
  • Cookie data
  • Health information
  • Biometric information
  • Ethnic information

It’s important to understand that the primary goals of this legislation are to improve privacy and empower user control over personal data. Reaching these goals could require significant changes which impact companies at large, regardless of the type of platform they’re using.

Once you’ve gone through your data, organize it. You need to have processes in place to provide individuals with all personal data in a “commonly used and machine-readable format” upon request.

Get rid of irrelevant data.

What does this mean? Under Article 5 of the new GDPR rules, you can only process personal data that you need, and you can only keep it for as long as it takes to complete the task you need it for. With GDPR, it is important to document the types of personal data you have, the categories the data falls into, why you need the data, and for how long you retain the data.

Because you’ve already organized your data when you went through your records, now is the time to document. Go through all of the personal data you’ve stored, and make sure that it’s relevant.

Address any third parties that might have collected data on your behalf.

Did you know that some of the sites you use for things like ecommerce can collect data on your behalf, and that you are liable for this data under the new GDPR regulations? Third parties are a critical concern here since the company collecting personal data is responsible for its handling and storage. As a result, businesses using WordPress must ensure that third-party plugins are compliant with GDPR. Make sure that the manufacturers of any plugins you’re using are GDPR compliant, and consult a compliance officer should you have any queries.

Update your consent policies, privacy policies, and legal agreements.

The definition of online consent is one of the biggest changes of GDPR, and the change that might have the largest effect on the way you run your business. Customers will now have to opt in to receiving marketing materials from your company, instead of having to opt out the way they do now. Aside from consent, there are other ways that you can legally keep your customers’ information. They are:

  • Contract
  • Legal obligation
  • Vital interests
  • Public interest risk
  • Legitimate interest

“Vital” and “legitimate” interests can be a bit ambiguous, so companies should be prepared for more specific guidelines regarding this type of processing after the law goes live. When possible, sticking to informed consent is a safe bet.

While you’re looking at your consent policies, take the time to update your privacy policies. Under the new GDPR policies, you’ll have to explain your reason for processing an individual’s data and how long you’ll keep the data for. Update your privacy policies and legal agreements to make sure that they reflect these changes.

Nominate a compliance officer.

While your company may not be legally required to have a compliance officer, it’s an excellent idea to nominate an individual to take responsibility for data compliance. Having someone looking out for GDPR-related issues can make all the difference as these new rules come into place. Your compliance officer should be well-versed in the current GDPR regulations, and willing to learn about regulation amendments as they come into practice. The compliance officer should also have a crisis plan in the event of any GDPR breaches, and will be the point of contact should a breach be reported.

Stay up to date this summer.

Many new regulations have been released, but there are more to come. Some companies that do not store data may not be affected very much by the new regulations. However, many businesses will require a complete overhaul in the way that they collect and store data. Staying ahead and listening to the conversation will ensure that you won’t fall behind with compliance.

Still concerned about how GDPR will affect your business? and GDPR for American Organizations offer more insights into preparing your business for the new regulations.  

Edited by Mandi Nowitz