GDPR is an extensive 88-page document covering every aspect of the new EU data protection laws.
Businesses that are non-compliant with GDPR after the 25th of May 2018 may be issued a large fine of up to €20 million or 4% of their annual turnover, so it’s important that you do everything you can to avoid this.
Before GDPR comes into effect, there are some steps you should take to ensure that your existing data is within the new guidelines, and that any new data you collect is also compliant.
If any of the items below are currently missing from your organisation, then you will need to implement them before the 25th of May.
- Discuss GDPR with relevant employees and implement a plan of action including training
- Audit your existing data: does it comply with GDPR, or will you now need to collect permission from the individuals concerned?
- Remove existing personal data that doesn’t comply with GDPR
- Update your privacy policy to make sure it aligns with GDPR
- Update the procedure for individuals accessing their personal information – fees are no longer chargeable
- Implement a method for collecting consent such as setting up an opt-in box that complies with GDPR
- Set up a procedure for collecting and securely storing records of consent
- Set up a procedure enabling subscribers to quickly and easily remove their personal information from your records
- Create a process for verifying the age of individuals and obtaining parental consent when necessary
- Ensure that there is a practice in place for detecting and reporting data breaches
- Identify and designate a Data Protection Officer if necessary
If you require more information regarding GDPR, then we offer a Comprehensive GDPR online training course that can ensure you are prepared and certified in less than an hour!