The EU General Data Protection Regulation, or GDPR, goes into effect May 25, 2018. If you’re like many other businesses, you may be wondering how it will affect the way you store, manage, and back up your client data. You’re not alone: according to the Spiceworks 2018 State of IT report, 57% of individuals surveyed either have not allocated budget for GDPR compliance or are unclear whether they even have a GDPR budget. If you’re not sure what GDPR compliance is and how it could affect your organization, check out part 1. If you’re already aware of the GDPR, the next question is: how do you make sure your organization is ready?

Start with Awareness

With the risk of heavy fines under the GDPR, it pays to notify stakeholders and employees of what this new set of compliance standards means for your business. This is a good time to create an accountability framework that outlines procedures and points of contact, and to train your staff on the necessary process changes so that all requirements are met.

Conduct an Audit

Before making any changes, your organization should use this time to review current practices and procedures. Take a look at the current reality of what personal data you capture, document where it came from, where it is stored (including backups), and how it’s shared. Also review all privacy notices and policies and make a plan to implement the changes needed to accommodate the new GDPR standards.

Review Data Erasure Practices

Consent is a large part of GDPR compliance standards. Companies must provide clear breakdowns of what consumer data will be captured and what it will be used for. In addition, consumers have the right of access (to ask to see the data you hold about them) and the right to be forgotten (the right to erasure). Consumers may withdraw consent at any point, and when erasure is requested, businesses must delete the personal data from all platforms and storage devices, including backup media, unless a specific GDPR exception applies (for example, a legal obligation to retain the data). Having to completely erase customer data means having documented data erasure and destruction practices, covering backups as well as live systems, up to regulation to avoid any fines.

Audit Data Security Breach Plans

Under the GDPR, companies must notify the relevant supervisory authority within 72 hours of becoming aware of a personal data breach, unless the breach is unlikely to result in a risk to individuals, and must notify the affected individuals without undue delay when the breach is likely to result in a high risk to them. Meeting a 72-hour clock is only possible if you can detect a breach quickly and have a pre-agreed decision and escalation path, so now is the time to review your incident response procedures and make any changes needed so you can properly detect, assess, document, and report a data breach.

Appoint a Data Protection Officer (DPO)

The GDPR compliance documents aren’t a short read, and becoming compliant may not happen overnight. Companies should consider appointing a Data Protection Officer to act as the point of contact and take responsibility for data protection compliance. *Note: You may be required to appoint a DPO under the GDPR if you meet certain criteria, such as being a public authority or carrying out large-scale, regular and systematic monitoring of individuals or large-scale processing of special categories of data.*

Are You GDPR Ready?

These are just a few key steps to take on the road to becoming GDPR compliant. For more information on GDPR compliance and how it will affect your current data storage, protection, and security practices, check back for part 3 of this blog series, where we will discuss other compliance tips and best practices.

This blog post is not meant to serve as legal advice for your organization to use in complying with the EU GDPR. It is instead background information meant to help you better understand GDPR compliance regulations. Any information provided in this blog post should not be taken as legal advice or consultation for GDPR compliance.