If your company gathers data on people in the EU, then you will most likely have to make changes to your security measures. The General Data Protection Regulation (GDPR) is implementing a new standard for consumer rights. This standard concerns data collection practices in the EU and companies are expected to comply. In fact, if companies don’t comply, they will be smacked with a hefty fine.
Why do we bring this up now? Because the deadline for compliance with the new and improved regulations is May 25, 2018.
Here is a quick checklist of things you need to do to be ready for the May 25th GDPR deadline.
- Inform all stakeholders – Your IT department probably already knows about this deadline, but do your executive board, marketing team, finance team, sales force, and operations team know? Take the time to get everyone on board.
- Conduct a risk assessment – Find out what data you store on people in the EU and where you might be at risk for non-compliance. Remember, this includes data you collect via mobile devices as well. Here is a more comprehensive list of key changes to use as a baseline.
- Create a data protection plan – Once you know where you don’t comply, create a solid data protection plan that falls in line with the new regulations.
- Report your progress – The GDPR requires organizations to demonstrate they are making progress toward completing the Record of Processing Activities (Article 30) of the new regulations.
- Take measures to mitigate risks – Once you have identified any potential risks, implement plans to mitigate those risks.
- Test your incident response plans – The new regulations require you to report breaches within 72 hours. Test your response plans to make sure they are efficient.
- Put assessments in place – This is not a one-and-done kind of job. To ensure you don’t fall out of compliance, make ongoing assessments a priority.
- Ask for help – If you’re worried about compliance, consider using outside resources or hiring a consultant to make sure your organization is ready.
This process will help ensure you are compliant with new regulations and not in danger of incurring any fines. In fact, according to a recent survey, 74% of respondents believe complying with these new GDPR standards will be a competitive advantage moving forward.
And it’s true. The more you can do to ensure the safety and protection of your data for all your customers, not just those in the EU, the better off your firm will be.