The Quick and Easy Guide for GDPR — Part 8 — Tips and Tricks
Beginning from May 25th, 2018, companies which operate in the European Union have to adhere to the GDPR. Coursedot has a special quick and easy guide to provide the basics of GDPR. This is the 8th part of the series. We take a look at how several GDPR Tips and Tricks. The previous part is here.
GDPR Tips and Tricks
The GDPR compliance can seem like a very big and difficult challenge. There are several tips and tricks which can make most of the process simple. Combining them with the rest of our Guide will help your company get ready for the new Regulation
• Raise awareness. Make sure everyone in the company are informed about the GDPR and what it means for their work. Then talk with partners with which you collect or exchange data. Examine whether or not your contracts would need to be changed or renegotiated to accommodate the GRPR rules. This could even include insurance arrangements.
• Create an internal GDPR framework. This should cover the entire “trip” of the data in your business. Make sure there are roles and responsibilities for each level. Keeping a detailed record of processing operations is mandatory under the GDPR.
• Perform a data protection impact assessment for high risk processing. This is also mandatory and means companies have to have this in place.
• Create multi-level user permissions. This means setting up separate consent channels for different services which require different data. This can be especially helpful for marketing purposes as per the GDPR companies are required to give users the right to request their personal data to not be used for direct marketing. It will also make it easier for users to agree to give consent for certain data usages.
• Try to use pseudonymous data where possible. This is viewed favorably under the GDPR and reduces the risks of fines. Use identifiable personal data only for limited specific purposes where pseudonymous data isn’t sufficient.
• Make sure you have users’ clear consent before you collect any of their personal data for any reason. Give users easy opportunities to unsubscribe or request their data to be “forgotten”. Don’t bury these options somewhere in a submenu of a submenu. Having them easily accessible will actually increase user trust and will make it easier to keep the data sets updated and cleared from users who won’t use or need your services.
• Make sure all security data policies and procedures are reviewed and updated accordingly. This includes internal ones too, to make it easier for responsible employees to have documents to reference to when needed.
• Establish data breach procedures. As per the GDPR companies are required to inform authorities and affected entities of a data breach within 72 hours of first becoming aware of the problem. So, having clear internal processes on how to go about this is vital.
• Get rid of any data you don’t need or haven’t used. Also, make it a regular review process to check the data from time to time and do a clean-up.
• Accept that GDPR is here to stay. This means making it a part of the daily worklife from here on. It’s not something that we work to implement for a few days and then forget about it. It’s a continuous process and there will always be things to do, to change and to improve.
• Adopt the “when not if” mentality when it comes to the user rights. Be ready at all times to receive requests from users which will fall under one of the several rights stated above. So, make sure you have the processes needed to honor these rights.
• There’s no shame in asking. Not even all lawyers and legal teams are still up-to-date with all things GDPR. If there’s something that is not clear to you, consult with experts or regulators now, before it’s too late. Each organization’s case and scale is different, so each will be affected in a different way by the GDPR. Making a full company review is therefore vital in order to be sure you’re putting your time and effort for GDPR compliance in the right way.
This concludes our Quick and Easy Guide for GDPR. Be sure to check out the rest of the parts for more information. Also, our team is always willing to help you set up the needed training for your employees or individuals who want to hone their skills, including for GDPR.