GDPR – is your organization ready for that?


The General Data Protection Regulation, which became effective on May 25th 2018, is a big concern to many companies as they struggle to meet the regulation or, as some surveys show, are not even aware of its existence. Regardless of the current state of their data management system, GDPR has to be implemented in every company that collects, handles and processes personal data of EU citizens. This new law, although introduced by the EU, applies to every company around the world that does any business in the EU. How do you know if you’re GDPR ready?

Know the basics

To make sure that you’re ready for GDPR, you need to know what it actually entails and which areas of your business it affects. GDPR applies to all organizations, regardless of their size and origin, which process and hold the personal data of EU citizens, as ins2outs wrote in their article. As such, the regulation affects every company that offers services or goods to EU citizens, monitors their behaviour or has an establishment based in the EU, even if its business is mainly or solely located anywhere else in the world.

Another major thing that you need to know, and make sure to have in place at all times, is the right privacy policy. Individuals now have more control over the data they submit to you, especially regarding the right to be forgotten, the right to data portability and the right to be informed in case of a data breach. This means that you have to make sure that the data you are collecting is processed in such a way that it can be deleted completely if the individual asks for it, or moved to another processor on their behalf. They also need to be informed if anything goes wrong and their data is not safe, even if nothing actually leaks.

Get a DPO

Most companies will be required to appoint a person responsible for overseeing GDPR compliance. A DPO, which stands for Data Protection Officer, will be the one responsible for protecting the business interests and checking on the data and the ways it’s stored, but they will also need to be in touch with the supervisory authority in order to report any breaches as soon as possible. The DPO is usually supported by a team of people, especially in bigger organisations, as their everyday job revolves around many different aspects of the business and it’s not possible for one person to do it all.
