The European General Data Protection Regulation (GDPR) harmonizes the data protection laws across all countries of Europe. The new GDPR act is soon going to replace the present EU Data Protection Directive. It is expected to be implemented from the 25th of May 2018.
Keeping the date in mind all the organization are already gearing up well in advance to make all the preparations to meet the required standards as stated in the Act.
The guidelines covered under GDPR is applicable to all kinds of information which are used to identify individuals and that covers CCTV as well, even the online identifiers like cookies and addresses all come under its scanner. So while you store any personal information you have to mindful to follow the guideline outlined by the GDPR for Data Protection. It is mandated for every company to comply with it and take the onus of protection not only the company’s data but even of its employees. By complying with the GDPR guidelines the company ensures that the “Right to Privacy” of its clients and employees which is important to the business and will benefit the company over the long term.
Here are few points that will help you prepare for the GDPR
The most important part of data protection and particularly GDPR will be the responsibility. Our team of GDPR consultants will help you create a data protection in line with the design of your business processes, that ensures a sense of responsibility of the data that you are handling at every step.
Your disclaimer statement should be explicit in conveying the information on data protection practices adopted by you which includes the methods by which you manage requests for data accessibility, data breaches and any third parties who process or handle PII. Our consultants will help you to script a clear and accurate statement.
An organisation to comply with the requirements of the Data Protection Act (DPA) and General Data Protection Regulation (GDPR); it is important to review and report on all its current policies, procedures and working practices in relation to identify any gaps or pitfalls which require being addressed for the organisation to meet the requirements of GDPR.
Limited Shelf life
We help you develop the IT systems or software that will process the personal data (which includes your or your customer’s personal data) to have a limited shelf life up till 2018.
You can further negotiate contracts with third party data processors to extend the lifetime of the contracted service beyond 2018 and leave you in a non-compliant position.
Scope of Augmentation
Once the scope of the operational activity is determined within your organization which includes the processing, storage and sharing of personal perceptible information, the subsequent step will be to determine whether your current approach that you have adopted to data protection addresses the requirements of the GDPR or it needs some further development or augmentation.
Spread the word you should ensure that the decision makers and key people in your organization are well informed about the changes taking place in the GDPR. They need to understand the impact and importance which is likely to have.
Processing data by law you should be well aware of the laws within which you need to document and update all your privacy notes which you can explain whenever required.
Data protection plan get yourself acquainted with the ICO’s code of practice on Privacy Impact Assessment as well as the latest guidance from the Article 29.