The GDPR deadline is less than a month away, and the two-year transition period is almost used up. The General Data Protection Regulation (GDPR) regulates the processing of personal data far more strictly than the previous laws did. What steps should organizations have taken by now? These are some of the important things your organization should do:
• Does your company process or control personal data on a large scale? If so, make sure you have named a Data Protection Officer (DPO). The GDPR requires one in particular for public authorities, for large-scale regular and systematic monitoring of individuals, and for large-scale processing of special categories of data (such as health data).
• If your organization operates in several EU countries, appoint a lead DPO. A group of undertakings may designate a single DPO, provided that person is easily accessible from each establishment.
• Document your processing of personal data, covering every phase from collection to disposal. This record of processing activities is something the regulation requires most organizations to keep.
• Identify the lawful basis for each collection and processing activity. Note that the basis does not always have to be direct opt-in consent; contract, legal obligation, vital interests, public task and legitimate interests are also lawful bases. The ICO has recently released a useful guidance tool for choosing a lawful basis, which can be found here.
• What risks does your organization's data processing pose to the individuals concerned? Make sure you have a mitigation plan, and carry out a data protection impact assessment (DPIA) where the processing is likely to result in a high risk to them.
• Get ready for data subject access requests. Update your processes so that GDPR compliance is as automated as possible. Can your organization locate all the data it holds about an individual, and respond within the one-month deadline, when asked?
• Make sure your data security is up to date, and be ready to notify data breaches: the supervisory authority must be notified within 72 hours of your becoming aware of a breach, and the affected individuals without undue delay when the breach is likely to result in a high risk to them.
• Check the GDPR readiness of your partner organizations and service providers, and update your contracts with processors to include the terms the regulation requires.
• If you process or control data about children, check the special requirements you need to meet, such as verifiable parental consent for online services offered directly to children below the age of consent (16 under the GDPR, which member states may lower to no less than 13).
Many parts of this checklist are covered by our Start package, which works as a fast lane to GDPR compliance. Also check out the gap analysis offered by our partner IT Governance: it provides a detailed breakdown of your compliance status by area, and an action plan that sets out and prioritizes the key issues your organization must address to become compliant.
If you have not yet started on GDPR compliance, now is the time to start!