ECCB 14Online Magazine

The Need for GDPR Compliance

With the new GDPR looming, you may be one of the few companies frantically trying to beat the deadline. You must be on your toes day and night trying to streamline your process and come up with new strategies to make sure you are not caught flat-footed when the inspectors come knocking.

Even if the past projects don’t fall within the requirements of the new regulations, it is a fact that upcoming projects in your company will include an element of GDPR, which means you need to be fully prepared for anything.

The Basics

So, why is everyone talking about GDPR, and how different is this law compared to the previous legislation that has been in effect?

    1. The Scope

First, GDPR goes well beyond merely safeguarding client data against misuse. Traditionally, the former law targeted email addresses and telephone numbers; GDPR goes beyond this. It seeks to apply strict rules against any data that relates to EU citizens, including names, usernames and IP addresses.

Additionally, there is no clear distinction between the information that you hold on a personal or business or individual capacity – the whole data is classified as personal data that identifies your client and is therefore regulated by the GDPR.

This scope is the one that has made businesses to sit up and notice and try to comply. The strict interpretation of the law forces the business to comply with the new regulations. To make things even more stringent, the rule doesn’t not only apply to the data that is acquired after 25th may 2018, but also the information that you already have in your database.

    1. Consent

You need to gather approval for any actions you intend to take on the data. Conventionally, you only asked for permission when you needed to use the data. This isn’t sufficient anymore. This means that if you buy a list of contacts from a vendor to use for marketing purposes, you stand to be prosecuted. The action of purchasing contact list is not obsolete and attracts hefty fines.

So, if you have a list of clients whom you have sent marketing messages before, without them giving you consent, you need to discard it or get their consent.

The Steps to Compliance

With just a few days to the deadline, you need to be already compliant. If you aren’t, you need to start the process immediately. The best way to do this is to make sure you get a company to help you. Don’t go for just any company but opt for a company that understands, and has experience working in information security to put the various modules in place and to make sure you beat the deadline.

    1. Know Your Data

You need to map your data and understand the kind of data you hold in the database. You need to know how the data is stored and accessed by the business, a process that helps to point out any compliance gaps and helps you take the necessary steps towards compliance. You are also seeking to understand the areas that need consent and how you can implement it.

    1. Appoint the right staff.

You need to appoint the right staff to handle the compliance process. One personnel you must have is the Data Protection Officer. This will be in charge of all aspects of GDPR will also act as the primary contact between the company and the authorities.

    1. Train the Team

You need to make sure that anyone with access to the data receives the necessary training within the context of GDPR.

Final Thoughts

Make sure you stay within the regulations when GDPR sets in. To do this, you need to be fully prepared.

Comments are currently closed.