GDPR is coming in 60 days – are you on track for compliance?

According to a survey released by YouGov earlier in March, 85% of respondents would boycott a company that repeatedly showed disregard for protecting consumer data. From 25 May 2018, GDPR will change how organisations can handle the information of their customers. The consequences of non-compliance could also be exacerbated by fines of up to €20 million or four percent of an organisation's annual global turnover, whichever is greater.

If you haven’t done so, consider the following top areas to achieve GDPR compliance.

Personal information 

Are you fully aware of what personal information you hold and where within your organisation this information is maintained and managed?

Privacy policy

Have you addressed how you are going to communicate privacy to your external stakeholders? Has your privacy policy been reviewed to ensure this is going to be compliant under GDPR?

Lawful basis for processing

Have you considered your lawful basis for processing the information you have?

Consent

Have your contacts given explicit consent for you to process their data? For example, have they agreed to receive communications? Have you made it easy for people to manage mailing preferences? Are you recording the opt-ins obtained so you have a record of these?

Data controller and data processor

Do you use third parties to process information on your behalf? If so, have you considered the data controller and data processor requirements under GDPR?

Data breach

What is your organisation's policy for reacting to a data breach? Will this policy be able to meet the new data breach reporting deadlines set under GDPR? Is everyone aware of the data breach policy throughout the organisation?

Data protection officer

Is your organisation required to have a Data Protection Officer? If not, have you designated the responsibility of data protection to an individual within the organisation?

It is important you have a plan of action. If you're unsure about the answers to any of the questions above, please contact Chris Beveridge. We would welcome the opportunity to meet and help you successfully prepare for GDPR.
 
