It’s now less than two years until the EU’s General Data Protection Regulation (GDPR) comes into effect. In our last post we looked at the impact this will have upon organisations. Here, we outline the practical steps you can take to prepare for this new climate of increased regulation.
First of all, you need to arm yourself with the facts and bring these to the attention of key decision makers. If they understand the consequences of non-compliance, which can include fines of up to €20 million or 4 per cent of your annual turnover, whichever is the greater, you’ll be more likely to gain their support sooner rather than later.
At some point you will need to document the personal data you hold: where it came from and with whom it’s shared. Look both inside and outside your organisation, across the whole business as well as in specific areas. Consider the value of an information audit. At the same time, review your privacy notices and policies and build a plan for accommodating change.
Your procedures should address all the rights given to individuals under the new laws. These include having inaccuracies corrected, having information erased and preventing direct marketing without consent. Make sure you know who is making decisions about deletion and whether your systems support this. Don’t forget to explore data portability and the formats you use to supply information.
Update your procedures so you can handle requests within shorter timescales. If you deal with a lot of requests, you may want to invest in online access. You should also know why you’re collecting and using personal data and make sure you have a legal basis before you process it.
For many, it makes sense to turn to a trusted partner such as Iron Mountain. Our Professional Services experts are on hand to help explain what the changing regulations mean. They can empower you to keep control and mitigate risk at every stage of the information lifecycle, enabling you to meet and exceed your GDPR obligations.
If you’d like more information on getting ready for GDPR, download our practical guide and expert tips on How to Prepare for the General Data Protection Regulation (GDPR).