GDPR Checklist for Compliance

We’re sure you’ve seen a pile of emails from different websites announcing changes to their privacy policies because of GDPR. But if you haven’t seen one yet and have no idea what GDPR is, let us explain. GDPR, the General Data Protection Regulation, is a global data protection law passed by the European Union that shifts the ownership of customer data from the organizations that use it to the individual customer. All eyes are on the appropriate protection of customers’ private information, and compliance is a must. If you’re at a loss about what you need to change to be GDPR compliant, read on for a checklist of what to sort out.


Explicit Customer Consent

It’s now a must to ask customers before processing or storing their data. The request not only needs to be clear, it must also be made in a straightforward way, using easy-to-understand language. Silence or inactivity on the customer’s part must not be taken as a yes, and companies that use their information must be able to prove that they received approval. Your customers also now have the right to withdraw consent, and such requests must be honoured within a reasonable timeframe.


Get A Data Protection Officer (DPO) If You Can

Hiring someone who specializes in data protection can save you a lot of worry. Your DPO is your point person for ensuring GDPR compliance. This is especially important for companies larger than 10 to 15 employees that process personal data on a daily basis and in large volumes. But what does the DPO role actually cover? The role entails:

  • Regular and systematic monitoring of data on a large scale
  • Processing on a large scale of special categories of data


Conduct A Data Protection Impact Assessment (DPIA)

You’ll definitely need to conduct a data protection impact assessment if your company stores personal data in permanent storage. It should be done before any such project is carried out, and it is essentially an internal audit that lets you measure how effectively you safeguard the privacy of the individuals whose data you store. The DPIA aims to achieve these three things:

  • Compliance with applicable legal, regulatory and policy requirements
  • Establishing the risks and their effects
  • Evaluating protections and alternative processes to mitigate privacy risks


Data Breach Policies

There will always be substantial risks when it comes to storing data, and data breach policies ensure that your customers’ trust stays intact in the worst-case scenario: a data breach. The GDPR requires companies to notify local data protection authorities of any data breach within 72 hours of discovery. And yes, this means every company will need the kind of technology that lets them detect and address breaches within that timeframe. Note as well that this is one of the stricter GDPR requirements, and you may have to overhaul your internal data security policies to meet it.


Giving Them The Right to Opt-Out

Deleting personal data not only minimizes the amount of data each company has to keep but also gives customers the freedom to choose. So if certain data is not needed, or its deletion has been requested, then the answer is yes: delete it. And as mentioned, customers have every right to request removal from email lists and any other lists a company keeps for marketing or similar purposes.


There you have it, a proper checklist for all your GDPR compliance needs. By the way, we’ve also updated our own Privacy Policy for our own GDPR compliance; you can check out the updated version here.