HOW DO I KNOW IF I’M COMPLIANT?
You’ll know you comply if you can tick all of these boxes:
- You understand that GDPR applies to any company that collects and/or processes EU citizens' personal data, wherever in the world your business is based
- You have collected the right sort of active consent to store and use a person’s data and explained how it would be used
- You have a suitable protocol in place for notifying the supervisory authority within 72 hours of discovering a security breach, unless doing so results in risks to the rights and freedoms of individuals
- You are set up to provide electronic copies of private records to people who ask for them, detailing what personal data you are processing, where the data is stored and why
- Your data controller is able to delete people's personal data and to stop sharing it with third parties, who must also stop processing it
- You let people move their data from one controller to another, which means you are able to hand over an individual's personal data in a 'commonly used and machine-readable format'
- You must build data security into your products and processes from day one
- Your data controllers and data processors have appointed a DPO (Data Protection Officer)
GDPR IS A PROCESS…
It might sound alarming, but in fact GDPR is simply a process: something that needs to be factored into every aspect of your business and adopted as the norm. If your IT system already lets you do all of the above, it's probably doing a pretty good job. To be sure, though, it makes sense to get expert IT support to confirm that everything is working like clockwork. If your IT system doesn't let you do one or more of the above, you need help to make it so.
EXCELLENT GDPR RESOURCES
Here are some detailed plain language posts about the GDPR:
FAQ – MORE ABOUT GDPR COMPLIANCE
GDPR is a regulation, which means it is legally binding in every member state. The previous legislation was a directive, which was less strict.