The GDPR (General Data Protection Regulation) is a regulation designed to give EU (European Union) and EEA (European Economic Area) citizens control over how their personal data is collected and used online. The aim of the GDPR is to simplify the regulatory environment for businesses, so that businesses and citizens in the European Union can benefit from the digital economy.
The GDPR demands greater accountability and transparency from organizations regarding how they collect, store and process personal information online.
Establishing an accountability and governance framework
Brief management on GDPR risks and benefits.
Secure management support for the GDPR compliance project.
Appoint a director who will be responsible for GDPR.
Plan and scope your project
Appoint and train a project manager and a DPO (Data Protection Officer).
Identify the entities that will be in scope.
Conducting a data inventory and data flow audit
Assess data categories and the lawful basis for processing.
Map data flows within the organization.
Use the data map to identify risks in data processing activities and to decide whether a data protection impact assessment (DPIA) is required.
Conducting a detailed gap analysis
Audit the current compliance position against GDPR requirements.
Identify compliance gaps that require remediation.
Developing operational policies and procedures
Create a record of personal data processing activities, drawn from the data flow audit and the gap analysis.
Bring data protection policies and privacy notices into line with the GDPR.
Review and update employee, supplier and customer contracts.
Plan how to recognize and handle data subject access requests and respond within a month.
Have a process for determining whether a DPIA is needed.
Secure personal data through appropriate procedural and technical measures.
Ensure that policies and procedures are in place for investigating personal data breaches.
Review whether the mechanisms used for data transfers outside the EU are compliant.
Communication
Maintain effective internal communication with stakeholders.
Employees must understand the importance of data protection and be trained on GDPR principles, and the supporting procedures must be implemented.
The checklist needs to take into account present and past employees, suppliers and customers.
You have to understand the types of personal data you hold and the sources they come from.
Identify whether you are relying on consent to process personal data. If it is difficult to establish that the consent meets the GDPR standard, because it may not be clear and explicit, avoid relying on consent.
Security measures and policies need to be updated to be GDPR-compliant. Broad use of encryption will reduce the probability of a large penalty in the event of a breach.
Be prepared to meet access requests within a month. Subject access rights are changing: under the GDPR, people have the full right to access their personal data and to rectify whatever is inaccurate.
Conduct due diligence on your supply chain to ensure that all suppliers and contractors are GDPR-compliant.
Create fair processing notices that describe to people what you are doing with their personal data.
Decide whether there is a need to appoint a Data Protection Officer (DPO) to carry out everything in a legal and amicable manner.
The GDPR has a severe penalty structure, and its rules apply to both data processors and data controllers in the cloud, so large cloud providers are not off the hook during GDPR enforcement. Non-compliance may result in a fine of up to 4% of global revenue.
There is no requirement for regular governmental audits or inspections; however, supervisory authorities have the right to carry out audits.
The GDPR can affect anyone engaged in economic activity, irrespective of the size of the business.
Saga is making an effort to ensure that all its active products are ready for the GDPR.
The GDPR supersedes every existing national data protection law in EU member states.
The UK government is implementing the GDPR in new data protection law through the Data Protection Bill, which will remain in effect once Brexit takes place in 2019.
Finally, the GDPR can also affect any business anywhere in the world that processes the personal data of individuals in the EU. Such a business must appoint a representative in the EU to handle GDPR enquiries if it offers goods and services to people in the EU and monitors their behavior.