Things you can do for GDPR
Although the GDPR will not be enforceable until May 25, 2018, we are encouraging our customers to start preparing now. If you have already adopted a high level of compliance, security, and data privacy, the journey to GDPR should be smooth and hassle free. However, if you have yet to start the GDPR journey to compliance, we urge you to start reviewing your security, compliance, and data protection processes now to ensure a smooth transition in May 2018.
You should consider the following topics at a minimum in preparation for GDPR compliance:
• Territorial reach – Determining whether the GDPR applies to your business activities is essential to ensuring your business ability to satisfy its compliance obligations.
• Data subject rights – The GDPR enhances the rights of data subjects in a number of ways. You will need to make sure you can accommodate the rights of data subjects if you are processing their personal data.
• Data breach notifications – If you are a data controller, you must report data breaches to the data protection authorities without undue delay and in any event within 72 hours of you becoming aware of a data breach.
• Data protection officer (DPO) – You may need to appoint a DPO who will manage data security and other issues related to the processing of personal data.
• Data protection impact assessment (DPIA) – You may need to conduct and, in some circumstances, you might be required to file with the supervisory authority a DPIA for your processing activities.
• Data processing agreement (DPA) – You may need a DPA that will meet the requirements of the GDPR, particularly if personal data is transferred outside the European Economic Area.
If you would like further help or guidance we can offer a PAYG service or a dedicated specialist.
Please email firstname.lastname@example.org
and one of our team will get back to you.