When the GDPR arrived in 2018 it brought with it a new wave of responsibility for businesses when it comes to data. These new standards mean that even those who aren’t privacy experts are still expected to ensure that processes and outcomes are up to scratch. However, this isn’t a case of following a list of criteria that is set in stone. Ensuring compliance today is much more about adopting a more ethical and transparent approach where data is concerned. So, how can you check whether your business is on the right track?
1. Get to grips with the regulation
A sound understanding of the fundamentals of the GDPR will enable you to do more where compliance is concerned. Make sure you understand the key terms (e.g. a ‘data subject’ is the person whose data is being processed) and that the provisions of the GDPR apply to your entire business, not just a single website or database. Familiarise yourself with the most important parts of the regulation, such as Articles 12–22, which cover data subject rights (access, data portability, right to be forgotten, etc.).
2. Start with the basics
3. Be proactive on an ongoing basis
The GDPR requires businesses to be continuously proactive to ensure data is collected safely and used within the proper scope. If you’re not sure about how to approach compliance it can be useful to see what other vendors are doing. One crucial part of the process is ensuring you have systems in place to report any data breaches within GDPR time limits (typically 72 hours).
4. Review your website
The changes you need to make will be specific to the business. However, for many organisations adjusting opt-in forms to ensure that the right type of consent is obtained will be essential. You may also need to look at the way that cookies are handled and communicated to website users, including the language that you use to describe their use to consumers.
5. Identify other key provisions
There are a number of these that may require action on your part, including complying with the requirement for mandatory Data Protection Impact Assessments if you’re involved in high-risk processing, and ensuring that your data processors ask for your approval before moving data outside of the EU.
6. Establish monitoring
It’s essential to keep monitoring not just how you collect data – and whether that data remains strictly necessary for your business – but also whether it continues to be safe in your business’ hands. Regular audits and monitoring are essential to meeting the requirements of the GDPR on an ongoing basis.
GDPR compliance is not a straightforward process but there is a lot that you can do to check that your business is in line with the standards of the regulation today.