The GDPR is coming – this Friday, May 25. Like many a summer blockbuster, it can blow a hole in your budget, as it significantly increases the fines that companies could pay if they flout data protection law.
Ideally, you’ve been getting ready for the GDPR for some time. But, if you are in a mad scramble, don’t get too stressed. The harshest fines in the legislation are saved for organisations that simply ignore the law rather than trying to comply. In other words, any step you take towards compliance is better than nothing.
With that in mind, here are three essential issues to focus on as the GDPR deadline arrives.
Last Minute Priorities for the GDPR
At the most basic level, you need to keep the personal data that you hold safe. This applies to both digital data and hard-copy files. Many data breach stories focus on large-scale hacks of vast online databases. But often, hard-copy data is just as vulnerable, particularly if you don’t have it stored securely. To fulfil the most basic expectation of the GDPR for data controllers, ensure your digital and physical files are stored safely.
Find out more: Best Practice for Hard-Copy Storage
Who in your organisation can access what personal data? If you can’t supply a rough answer to that question, then the GDPR will cause you quite a few headaches. One of the guiding GDPR principles is that only authorised people in an organisation should access personal data. This is (relatively) simple to implement for digital data: files can be moved to particular servers, so access can be limited and tracked. Hard-copy files may pose more of a problem, unless you have a system in place. If you don’t have your physical and digital documents organised to track and limit access, make that a high priority.
Find out more: How to Track Data Access
As the GDPR deadline approaches, consumers are increasingly aware that they have rights over their personal data. This includes a right to access their information, to seek correction of inaccurate information, and (in most cases) a right to stop their data being processed. Moreover, if consumers aren’t happy, they can add to the Data Protection Commissioner’s ever-growing complaint caseload.
As a result, every organisation will need to have their processes for handling this type of query up to snuff. If you haven’t already done so, take a long hard look at how you handle access requests, complaints, and other queries affected by the GDPR.
Find out more: Handling Access Requests