When everyone is talking about GDPR (the General Data Protection Regulation) and our inboxes are being bombarded with emails reminding us of the looming May 25th deadline, how are we supposed to know where to start with it all?
The main thing to remember is that GDPR is not a destination, it is a journey.
We will never reach a place where we can say we are now GDPR compliant and relax. This regulation forces us to change our mindset about individuals' personal data and to build our working procedures around that change.
The General Data Protection Regulation covers every way we capture, process and hold individuals' personally identifiable information (PII), for both our customers and our employees.
The regulation requires us to exercise due diligence in handling this data, whether it is in hard copy or soft copy format, and to ensure everyone in our organisation is trained accordingly.
But among all the noise about GDPR, what do we really need to do?
Here are 5 tips to help you get started with GDPR!
1. Avoid claims of “We can get you GDPR compliant”.
There is no one-stop shop that solves all your problems with GDPR, and you should be wary of anyone who claims to offer one. Compliance spans legal policies, data storage, business security measures, data backup and, most importantly, employee training to ensure all the steps you put in place are actually followed.
2. Make sure you understand your obligations under GDPR.
GDPR is a complex legal document, and it is worthwhile consulting a qualified legal professional to discuss your specific business responsibilities under it, as these will not be the same for every company.
3. Don’t forget your phone has data too!
Most of us now work on the go, checking emails, taking calls and writing quick notes on our phones, but how much PII is stored on our personal mobile devices?
You need to know every location where your customers' PII is stored, so you can ensure it is stored securely and can be deleted upon request.
4. Remember it all revolves around people!
Remember that this regulation revolves around individuals' rights, and it is also individuals, your own staff, who are responsible for ensuring those rights are upheld. Making sure your employees fully understand their responsibilities under GDPR is key.
5. Don’t relax and forget about it after May 25th
Don’t relax after May 25th and think you are finished; GDPR compliance is something which needs to be monitored on a regular basis. If personal data is lost, stolen or otherwise breached, you need to notify the supervisory authority within 72 hours of becoming aware of the breach (not of the breach occurring, so you must be able to detect it promptly), and, where the breach is likely to result in a high risk to the individuals affected, inform those individuals without undue delay. This requires continuous monitoring and awareness of where ALL your data is stored (both hard and soft copy) and how secure it is.