Six Ways to Prepare for GDPR

The European Union (EU) General Data Protection Regulation (GDPR) is just two days away from going into effect. Although it was passed in 2016, companies worldwide are scrambling to comply with the requirements intended to protect the privacy of EU citizens. It is estimated that only half of companies required to comply will be ready by the May 25th deadline.

In case this is news to you, the GDPR is a directive that kicks in on the 25th of May, 2018. The new regulations set up data privacy standards that give EU citizens more control over their personal data.

  1. Determine if GDPR applies to your organization
     An organization must comply with the GDPR if it collects or processes the data of European Union citizens, if the company has a business presence in the EU, or if it is marketing to EU citizens. This applies even if a business is based outside the European Union.

  2. Determine if your organization is a data controller or processor
     A data controller is a person or organization that collects data about EU residents. Data controllers determine the purposes, conditions, and methods of the data processing. A data processor handles personal data on behalf of a controller. If your organization is either one of these, then you should be working on your privacy policies, data handling procedures

  3. Document what type of data you collect
     It’s difficult to determine if GDPR applies to your organization if you don’t understand what type of data your organization collects and processes. EU citizens whose data is being used by a company must be made aware of this. They must be able to request access to what their data is being used for. Citizens have the right to correct their data. They also have the right to erasure, also known as the Right to Be Forgotten. This means they can elect to have their data removed from controllers and processors.

  4. Check your cookie privilege
     After determining what type of data your organization collects, take an inventory of what cookies your website is using. If you are not sure, use an app like Ghostery to show you what cookies and trackers a website is running.

  5. Update your privacy policies and terms of service
     With an understanding of your data collection procedures and cookie tracking, you can begin working on updating your website’s privacy policy and terms of service. Keep in mind that long, unintelligible terms and conditions consisting of legalese are no longer accepted! These documents must be clear and easy to understand.

  6. Repaper consent
     You may find that you need to obtain consent again from your email subscribers. Personal data can only be used for the purposes that were stated when the user gave their consent. People will have to be informed and opt in to receiving all content. They must also opt in to most cookies and tracking, including the third-party cookies of data processors.

Complying with GDPR is not as simple as this list makes it sound. It is a complicated compliance process that needs to begin with understanding and documenting your data collection and processing activities. If your organization is already compliant with the older Data Protection Act (DPA), then complying with GDPR will be a bit easier.