A few articles back we went through the definition of the General Data Protection Regulation (GDPR), a European Union regulation that protects the personal data of individuals in the EU. If you collect or store personal data of consumers residing in any EU member state, whether as a company or as a self-employed individual, then you are subject to GDPR, and compliance matters because violations carry hefty fines.
Compliance with GDPR is important not only to avoid fines: correct implementation also strengthens your customers' trust in your company or business. A core part of the process is mapping how data flows within the organization before planning how that data will be handled. Cutting through the jargon, you can summarize the work in a small pocket checklist, like the one below, to guide you through it:
- Appoint or hire a Data Protection Officer (DPO)
- Assess existing data privacy measures
- Outline a data management plan
- Implement tools (including online ones) to gather consent
- Set up a structure for keeping records, documents and data
- Establish procedures for data auditing
- Establish procedures for handling a data breach
Once this GDPR plan is drawn up, collaboration between the DPO and the different departments within your company or business is imperative. The DPO will define the measures for obtaining the customer's consent, for maintaining and storing the customer's data, and for exchanging data between the departments of your company. The last and most important part is drafting a protocol or mitigation plan for a data breach, which must include notifying the Supervisory Authority (GDPR requires this without undue delay and, where feasible, within 72 hours of becoming aware of the breach) and, where the breach is likely to result in a high risk to them, the customers concerned.
While correct implementation of GDPR can be challenging, approaching it from the right angle can give you and your company an upper hand in your industry.
Regularly check out this space for more tips on best practices to grow your business.