Are you compliant with the General Data Protection Regulation? Let's work together to manage your responsibilities, train your workforce, and demonstrate compliance.
Where Do I Begin?
The principle of accountability is key to compliance with the EU GDPR (General Data Protection Regulation). Organizations that process personal data must not only comply with the Regulation’s requirements; they must also be able to demonstrate that compliance.
To do this, you must establish a framework by advising management and garnering support. Accountability must be assigned, and data protection must be incorporated into corporate risk management activities.
Let's Make a Plan
Once you have top-level support, scope and plan your project. Appoint a data protection officer, identify other systems that could provide a framework for compliance, and assess whether data protection has been incorporated into processes.
What Are My Responsibilities?
You must be able to fully understand what data you process and how you process it. Conduct a data inventory and data flow audit. Look at the categories of data you process and where it comes from. Create a data map to identify the risks in your processing activities. Create records of those activities drawn from your data flow audit.
Assess your current workflows, processes and procedures to identify gaps that you need to correct. Once you identify those gaps, bring your existing policies, processes and procedures into line with the GDPR’s requirements. Develop new policies and procedures to ensure you fulfill all your legal obligations.
Where you rely on consent as your lawful basis for processing, make sure it meets the Regulation’s requirements for valid consent. Review current contracts and update them to cover personal data processing, not only customer contracts but employee and supplier contracts as well. Plan for how you will respond to data subject access requests (DSARs) within one calendar month. And have a process in place for determining whether a data protection impact assessment (DPIA) is required.
Ensure policies and procedures are in place to detect, report and investigate personal data breaches. You need to have an information security policy in place. Use encryption and/or pseudonymization where appropriate.
Staff awareness and education are key components of any organization’s compliance framework. Everyone involved in processing data must be appropriately trained to follow approved processes and procedures.
Let's Work Together
GDPR compliance is an ongoing project. Schedule regular audits. Keep records up to date. Undertake DPIAs where required. Assess your practices and policies.
All of this can be overwhelming, especially if you’re just hearing about it or attempting to take on GDPR compliance for your company. Get in touch with us at AccTech Solutions, Inc. and let us help you.