With the GDPR (General Data Protection Regulation) law in place for almost a year, businesses should ensure that they meet the compliance requirements. Keep in mind that this regulation not only applies to European businesses that work with the customer data of EU citizens. GDPR is a global data protection law that applies to any entity that processes EU citizen data. Even if your company is in the US, China, Brazil, Africa, or in Saudi Arabia, you will need to comply. The two year grace period is ending! What you need to know about GDPR compliance checklist? Read on!
2019 GDPR Compliance Checklist
Step A: Create a Lawful Basis and Ensure Transparency.
- To determine what information you process and who has access to it, you must conduct an information audit.
- Have a legal justification for your data processing activities.
- Your privacy policy should provide concise and clear information regarding how you process data and legal justification.
Step B: Ensure Data Protection by Design and by Default
- Data protection has to be taken into account at all times. When developing a new product or service and every-time you are processing data.
- Make sure to encrypt, anonymize, and pseudonymize personal information wherever possible.
- Setup an internal security policy and ensure your employees are aware.
- You should be able to determine when to conduct a data protection (DP) assessment and have the process set up so you can carry it out instantly.
- Ensure you have a concrete plan in place regarding what to do and whom to contact in the event of a data breach. Make sure you know which authorities to contact when these things occur.
Step C: Governance & Accountability
- Make one of your employees responsible for ensuring compliance across your organization.
- Make sure data processing agreements have been signed with any third parties that process personal data on your company’s behalf.
- If your company is located outside the EU, appoint a representative within the EU.
- Appoint a DPO (Data Protection Officer) when needed.
Step D: EU Citizen Privacy Rights
- Ensure it’s easier for your customers to request and receive all the information that you have on them.
- Make it easier for your customers to correct and update inaccurate or incomplete information.
- EU citizens should be able to file a personal data deletion request.
- EU Customers need to be able to stop you from processing their data.
- Ensure there is a process in place that enables EU citizens to receive a copy of all their data in a format that can be easily read and processed. They are also able to object.
- Make it easier for people to request human intervention in any automated process that makes decisions about people.
A lot of checkpoints! To help you, we created a free GDPR implementation project plan that includes all the steps you need to cover in an easily adjustable timeline.
Wait, There’s More!
Just one whole set of PowerPoint, Excel, and Word documents you need to get ready, only today, we offer this complete compliance KIT with 50 well-crafted documents, for $59 instead of $69.Use the following discount code at checkout 1GDPR
Have a look and decide for yourself: GDPR Complete Compliance KIT