GDPR is an overarching data protection law that applies to all European Union residents from 25 May 2018. It is concerned with personal data, that is, data that directly or indirectly identifies a person residing in the European Union. It can apply to any kind of company or entity that can market goods or services to people staying in the EU.
Here are some tips for the implementation of the GDPR:
- Pay heed to what your data protection authority says. Understand what your lead data protection authority will be on the lookout for, and follow its GDPR guidance communications. Log onto its site and add yourself to the mailing lists.
- Be sure to understand whether you are a controller or a processor in each of your business relationships, since the rules are different for each, even though many aspects of the GDPR cover processors. If you are a controller, check that you actually meet individuals’ rights, specifically the new rules around data portability, the right to be forgotten, etc.
- Do you actually have to rely on consent? Look at how you are collecting consent, and do not use pre-ticked boxes under any circumstances. If you need consent as the legal basis for processing, the rules have tightened up. Consider whether ‘performance of a contract’ is a better legal condition for processing the data.
- Do you actually need a representative? Organizations that operate outside of the EU must check whether the GDPR impacts them. Many regulators have a lot of cross-border co-operation agreements in place.
- Do you actually know what personal data you hold? Document all the personal data you hang onto and place the record in a secure file; you should know where the data came from and who you have shared it with. You may also have to organize an information audit. Make sure that you know all of your business processes that are involved in processing personal data, and make sure those are documented as well.
- Are you actually prepared for a data breach? Be sure that you have the right procedures in place to detect and report any data breaches. You should also be ready to investigate them.
- You have to manage your privacy risks as well. Privacy and security are two very important things.