The GDPR takes effect on May 25, 2018. Analyst firms are predicting that more than half of affected companies (some estimates say 60%) will not achieve full GDPR compliance by the end of 2018.
The new data collection rules under the GDPR are intended to protect consumers. These protections include restrictions on exporting users’ personal data outside the EU, the introduction of Data Protection Impact Assessments (DPIAs) to mitigate the risks of processing sensitive data, and liability for data breaches.
Here are five important steps that businesses of all sizes can follow to start the process:
Determine whether the GDPR applies to your Organization
The GDPR applies to your organization if it processes personal data in connection with offering goods or services to individuals (data subjects) in the EU, or monitors the behaviour of individuals in the EU, regardless of where the organization itself is based.
Appoint a Data Protection Officer (DPO)
Under the GDPR, not all organizations are required to appoint a data protection officer. Where one is required, the Regulation makes it clear that the DPO can be an employee or an external contractor, and it spells out the skills a DPO needs: they should be appointed “on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices”.
Your DPO will:
- Inform and advise your organization and staff who process personal data
- Act as the point of contact for individuals whose data is processed, including when they exercise their rights under the Regulation
- Provide advice, where requested, on data protection impact assessments and monitor their performance
- Monitor compliance with the Regulation
Prioritise and demonstrate accountability in all data processing
Organisations must be able to demonstrate an accountable and transparent approach in every decision about data processing. In practice this means being able to show that you know what personal data you process, why you process it and how: a documented, high-level understanding of your data processing operations is the evidence that you are accountable.
Check which borders your business data crosses
Wherever your organization is located, and wherever the data you process comes from, you need to know where that data flows and be able to show that each transfer is lawful under the GDPR. Under the Regulation, personal data can flow freely between the 28 EU member states and to those non-EU countries that the European Commission has deemed to provide an adequate level of data protection; transfers to any other country require additional safeguards.
Understand the new rights that citizens have over their data
Data subject rights under the GDPR:
- The right of access
- The right to rectification
- The right to erasure (the “right to be forgotten”)
- The right to restriction of processing
- The right to be informed
- The right to data portability