1. Establish and assess how you deal with data
A thorough understanding of how your organisation deals with data is paramount. Under current rules, only data controllers are liable for compliance, but the GDPR obligations will fall on data handlers too. It is therefore important to establish whether your organisation is a data processor or a data controller, bearing in mind it could be both.
Knowing where data are stored, how secure that location is, and whether those data are being shared will be critical come May 2018.
2. Learn from the past
To check how well you could react to a future attack, examine what happened during past breaches and ask whether the steps taken would meet the new requirements set by the GDPR. Under the new rules, breaches will need to be reported within 72 hours, together with information about the severity of the attack. If your company is unable to do so, that shortcoming may result in a hefty fine.
3. Appoint a data protection officer
This may be simple advice for a company with lots of money, but the added expense makes it off-putting for smaller businesses. However, it's not as off-putting as being fined four percent of your revenue, and the role might not need to be a full-time responsibility.
The data protection officer acts independently and, reporting to the highest level of management, should help implement the requirements. Allocating further resources sooner rather than later will ensure your company is not only compliant but is equipped to deal with any data breach and mitigate the possibility of being fined.
4. Educate your staff, and yourself, on the rules (With Coventry Global)
One of GDPR's main aims is to strengthen people's ability to be forgotten and have their data deleted. Companies will also have to gain "clear affirmative action" from individuals before processing their data. The rules also make it harder for children to hand over their data. Knowing how the rules change your organisation's handling of consent, and the rights of individuals, is imperative.