The General Data Protection Regulation, or GDPR for short, is a brand-new piece of legislation developed to help protect the confidential data of citizens in the European Union. It comes into effect on Friday, May 25, 2018.
7 Things to Do to Remain GDPR Compliant
Include Data Retention Schedules in Your Policy
Under the GDPR, authorities can ask to review your policies and procedures at any time. Make sure that your policies and procedures include retention schedules for different types of confidential information, outlines of how you will destroy confidential data, and how you will keep an accurate record of what’s being destroyed.
Conduct a Privacy Impact Assessment
A Privacy Impact Assessment is a key component of this new legislation. Conducting this assessment will help you to identify areas of risk within your own organization, ensuring the protection of confidential data at all times.
Get Your Leadership Team Involved in Promoting GDPR Compliance
Use a top-down approach and have your leadership explain to employees the importance of GDPR compliance. Have them explain why it’s important to employees’ jobs and processes, and how things will change moving forward.
Designate a Team to Oversee Data Protection
When a designated person or team is held responsible for overseeing data protection and making sure that data protection processes are being followed, an organization is less likely to fall victim to a breach.
Implement a Clean Desk & Shred-it All Policy
Clean Desk and Shred-it All policies ensure that your employees have a clear understanding of how to keep all information secure by reducing clutter and safely destroying information that could get into the wrong hands.
Develop a Data Breach Response Plan
With this new legislation, some breaches are required to be reported within 72 hours. Ensure that you have a simple and well-understood response plan in place. It can help to limit the damage that will occur in the event of a breach.
Consult a Legal Adviser
You should consult a legal adviser to ensure that you fully understand the impact of GDPR on your organization and how to appropriately achieve full compliance.