What is GDPR
To begin with, the European General Data Protection Regulation is going to become effective on May 25, 2018, in order to provide all people with a high level of data protection. Consequently, every company should not only know what to do but also ensure compliance to minimize any possible risks. The GDPR contains a number of chapters and articles that set out the requirements and regulations every organization must comply with. These regulations are concerned with protecting the rights of every individual and his or her personal data. Companies that do not comply become non-compliant and can receive a great number of administrative fines in the future.
There are some steps that should be taken as soon as possible. Together they are called the GDPR compliance checklist.
1. Awareness. The first step is awareness. All key people in your organization should know everything about the GDPR so that the organization does not fail to comply and receive fines.
2. Documenting all personal data. The second step is documenting all personal data that your company holds and who it shares that data with. By organizing an information audit you will prove your awareness of the GDPR.
3. Communicating privacy information.
4. Individuals’ rights. While taking the fourth step you should think of individuals’ rights. For example, you should check how the personal data would be deleted or how it would be provided electronically.
5. Subject access requests. The fifth step concerns subject access requests.
6. A lawful basis for processing personal data. The next step is an extremely significant one because you should show that you have a lawful basis for processing personal data, which means identifying the lawful basis and documenting it.
7. Refreshing consents. The seventh step is refreshing existing consents in accordance with the GDPR standard.
8. Verifying the age. The eighth step is related to children. Your company should verify the age of every individual and, if necessary, get parental consent for all data processing activities.
9. Then there are three more significant steps: data breaches, Data Protection by Design and Data Protection Impact Assessments, and designating Data Protection Officers.
10. International matters. Finally, the last but not least step applies to international matters. If your company operates in several EU member states, your lead data protection supervisory authority should be determined. You can also use different GDPR checklist templates for reviewing your data processing.
To sum up
All in all, it is really important to use the GDPR checklist for working out the essential differences between the current law and the GDPR. Make sure that your company is compliant with the GDPR in order not to receive fines.