If you're looking for help with your EU GDPR project, get in touch with our experts, who can advise you on which of our products and services are best suited to your needs.
Have you taken the necessary measures to comply with the GDPR (General Data Protection Regulation)? If you're not prepared, you're certainly not alone.
To accelerate your existing efforts, we’ve distilled everything you need to do to achieve and maintain GDPR compliance into this simple nine-step checklist.
GDPR compliance requires board-level support. It’s therefore essential that the board understands the implications of the Regulation – both positive and negative – so that it can allocate the resources needed to achieve and maintain compliance.
Once you have obtained top-level support, you will need to work out which parts of your organisation fall under the GDPR's scope: which business units, systems, suppliers and processors handle personal data, and whose personal data it is.
To comply with the GDPR's data processing requirements you must be able to fully understand what personal data you process, where it comes from, where it is stored, who it is shared with and on what lawful basis. A data flow map and the records of processing activities required by Article 30 are the usual way to capture this.
Risk assessments play a crucial role in any GDPR compliance plan. The GDPR takes a risk-based approach to data processing, which lets organisations tailor their measures to the risks their processing actually poses. However, the Regulation does not prescribe how you should assess and quantify those risks; the one exception is Article 35, which requires a DPIA (data protection impact assessment) before any processing likely to result in a high risk to individuals.
Conducting a GDPR gap analysis will help you assess your current workflows, processes and procedures to identify any compliance gaps that you need to rectify.
Having established your compliance gaps, you should bring your existing policies, processes and procedures into line with the GDPR’s requirements, and develop new ones to ensure you fulfil your legal obligations.
Article 32 of the GDPR requires organisations to implement "appropriate technical and organisational measures" to ensure a level of security appropriate to the risk. The Article cites, as appropriate, the pseudonymisation and encryption of personal data; the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems; the ability to restore the availability of and access to personal data in a timely manner after an incident; and a process for regularly testing, assessing and evaluating the effectiveness of those measures.
Staff awareness and education are key components of any organisation's GDPR compliance framework. Everyone involved in processing personal data must be appropriately trained to follow approved processes and procedures, including how to recognise and report a personal data breach.
GDPR compliance is an ongoing project, a journey rather than a destination. You should undertake periodic internal audits and regularly update your data protection processes. This includes checking your records of processing activities and consent, testing your information security controls, and reviewing existing DPIAs (data protection impact assessments) and conducting new ones whenever processing changes.