GDPR Compliance Checklist: How Prepared Are You?
With doomsday fast approaching, many businesses are rushing to make sure they are GDPR compliant as soon as possible. The deadline date might be just around the corner, but if you’re not GDPR compliant, then there’s still time to act.
To help you make sure your business is fully compliant with the new legislation, we’ve put together a helpful checklist to guide you in the right direction. The good news is if you’re currently compliant with the Data Protection Acts (1998 & 2003) then you shouldn’t have to change much of your approach.
However, there are still new elements and factors with the law that will require some big changes within your business. Such as from how you collect and manage data to how you deal with data breaches.
To get things started, let’s start with a quick refresher on what the GDPR legislation is and what it’s trying to solve.
For those of you that don’t know anything about GDPR, then you should definitely read our previous post: GDPR Made Easy. Nevertheless, here’s a quick overview of the main points:
Announced in 2016, GDPR is a new form of legislation that aims at increasing the protection of citizen’s data in the EU. Often referred to as GDPR, the General Data Protection Regulation legislation comes into effect on 25th May 2018. Before the deadline, all businesses who deal with data from EU citizens must make sure they comply with the new law or risk facing massive fines.
For many businesses, just thinking about where to start to become GDPR compliant can be a headache. Considering most business don’t even fully understand the complexity of GDPR and what it means, deciding where to start can confusing.
Luckily, we’ve put together a step by step GDPR checklist that covers all the main points you need to do within your business. From appointing a data protection officer to reviewing your current stored data, here’s how to get GDPR compliant as fast as possible.
GDPR Compliance Checklist
Inform Your Staff
To become fully GDPR compliant it’s essential your entire workforce understand the new law and legislation. There’s no point introducing new procedures and changes if your staff aren’t going to follow or understand them. By informing your staff about the new GDPR law, you can also identify areas that could cause compliance problems and factor that into your future planning.
We suggest holding a staff meeting and explaining the key points to your employees to ensure they follow the correct procedures and don’t do anything that might compromise data.
Review Current Data
An essential step in becoming GDPR compliant is to review the current personal data you have on file. During your review, you should be asking yourself questions such as:
- Why are you holding it?
- How long will you retain it?
- How securely stored is it?
- How did you obtain it?
- Do you share it with any 3rd parties?
This step is essential to ensure you are collecting data correctly and are complying with data protection principles. Obtaining personal data without consent can land you in a lot of trouble, so making sure you collect it ethically and store it securely is essential.
Appoint A Data Protection Offer
Under the new legislation, GDPR states that a Data Protection Officer (DPO) should oversee the entire businesses data protection strategies and compliance programme. Although this new rule is aimed more at larger public organisations that store millions of personal data, it’s still a good idea to designation someone to oversee GDPR compliance. This could be someone who already works in the legal department or even yourself if you’re just a sole trader.
Depending on the size of your company it might even be best to bring someone new in to oversee the protection of data. A recent report showed that 50% of businesses said their current workforce don’t have the right skills and qualifications to implement a compliance project.
Write Up A Data Breach Plan
Data breaches are extremely serious for any business no matter how big or small. In the past, many companies have tried to cover up data breaches by not revealing any information and keeping them a secret. But now, as part of the GDPR legislation, all businesses must have procedures in place on how to detect, report and investigate personal data breaches.
All personal data breaches must be reported to the DPC (Data Protection Commissioner) within 72 hours of identifying the breach. Breaches that are likely to bring harm to an individual, such as the breach of personal documents that could be used for fraud, must also be reported to the individuals concerned.
Any business who fails to report a breach could result in a fine, on top of the fine for the breach itself. At the very least you should have a data breach plan in place just in case something out of your control happens.
Confirm Any Mailing Lists
Many businesses often have an online mailing list that users opt in to or are added to after purchasing something from them. As we mentioned earlier, knowing how you obtain data from customers and use it is crucial to becoming GDPR compliant. If you’re already signed up to other companies mailing lists, then you’ve probably already received various emails asking to confirm your subscription.
With the new GDPR law coming into place, it’s now more important than ever to prove you have customer’s consent to hold their data and use it. If you can’t remember how someone ended up on your mailing list, then it’s best to reconfirm with them to make sure they still want to be contacted.
Become GDPR Compliant Today
Time’s ticking! Are you still struggling to become GDPR compliant before the May deadline? Need help reviewing your current procedures and policies? Here at Purplebox Digital, we can help you and your business become fully GDPR compliant in time for the deadline. Contact us for more information about our GDPR compliance services and how we can help make your website GDPR compliant.