No doubt you’ve heard a lot recently about the EU’s General Data Protection Regulation (GDPR). It’s an important piece of legislation, yet some organisations are underprepared. With less than three months until the deadline for compliance on 25th May, here’s what you need to know.
1. Understand the spirit of GDPR
You don’t need to wade through pages and pages of legal text. Put simply, the regulation is designed to put personal data back in the hands of the individual who owns it and ensure organisations are transparent about how they handle personal data.
2. Take a good look at how you handle personal data
Make sure your practices are in line with GDPR. Only collect personal data that you need and only store it for as long as you need it.
3. Check your data storage systems are secure
Don’t store personal data unencrypted on a USB stick, for example, or leave it on an unsecured web server. Data breaches can lead to big fines under the regulation, so keep it secure, encrypted and safe from prying eyes.
4. Make someone in your organisation ultimately responsible for data protection
This person should be properly trained and briefed on their obligations. Depending on the nature of your organisation, this person could be your Data Protection Officer (if you’re required to appoint one), Chief Data Officer, or Privacy Counsel.
5. Treat personal data with care and respect
This is the simplest part of the whole thing. Treat the personal data you collect the same way you expect your personal data to be treated.
If you’ve already started thinking about GDPR and have good practices in place, none of this should be a huge problem. If not, don’t panic, but make sure you take action now to get your house in order. Even though it might seem scary at first, GDPR is a step in the right direction for data protection and should be welcomed.