How to achieve minimum GDPR compliancy during the next 180 working days

In April 2016, after four years of discussions the European Parliament finally approved the new EU General Data Protection Regulation which will become enforceable on May 25th 2018. So, with just one year away from the new regulation coming into force, the question that lies in front of all of us is are you ready for the EU GDPR?

The latest statistics shows that companies still have a long way to go and there is still plenty of work to be done if companies want to compliant and avoid fines, major business disruption and long-term reputational damage.

To achieve a minimum GDPR compliancy the following needs to be undertaken within the next 180 working days:

  • Privacy governance framework, specifying all details about roles and responsibilities, would you be needing a Data Protection Officer?
  • Take care of the new data subject rights.
  • Data breach communication framework, 72 hours is not a lot of time to respond.
  • International company? Make sure your Binding Corporate Rules are set to go. It takes a long time to get them approved by the EDPB.
  • Get an inventory of all your processors and make sure that data processing contracts are in place.
  • Get a grip of personal and sensitive data in all your company silo’s and make sure that those records of processing registers are in place.
  • Create a data privacy classification policy on top of your information classification policy and make sure that it gets implemented and used.
  • Get legal involved in all the paper work, policies, guidelines, contracts.
  • Create or review your company privacy policies
  • Make sure there is a privacy training and privacy awareness program in place

So in order to get ready, assess what is needed, get a grip on the privacy maturity within your organisation, take the correct measures and apply a risk-based approach while implementing the GDPR.

Read more about GDPR here!