GDPR: What must you not forget in the heat of battle?


There is a lot of information about what you need to comply with and do today and every day. Are you sure you haven't forgotten something? We've highlighted a few points for you just in case, and we hope this will make it a little easier for you to get to grips with the new legislation.

Have a coffee with the lawyers. Even if you feel the new rules don't apply to your business, have the experts confirm it. You may not be doing business in Europe, yet your business will still be subject to the GDPR, and with it to the resulting penalties. It is certainly better to take professional advice than to start off on the wrong foot and pay heavily for a mistake made out of ignorance.

Do you use a CRM in your work that contains your clients' data? These systems contain a lot of information about people, but they don't store their citizenship data. Here you may run into a problem: European citizens need to be given a specific processing path (e.g. when registering), and they should be presented with the appropriate checkboxes.

You can't buy real GDPR compliance, but you can buy products that clearly show you are making an effort to ensure that compliance. What do we mean by that? Any apps and systems that help identify security issues and proactively highlight them will do the job to a tee.

Create a process map that captures all the ways personal data is stored and managed. You'll greatly appreciate this when a European customer asks you to delete data. It's not just about resolving the request itself; you need to think more broadly. Are you able to ensure that the data does not reappear in your systems?

One of the biggest risks to you is likely to be email. This is because your email client's address book is automatically populated from ongoing communications, and those entries are also personal data. The ideal solution for you may be to create two address books, one for your personal use and one for your business addresses. The corporate address book needs to be synchronized with the CRM system, and the personal one needs to be scanned regularly to remove duplicates that got there from the corporate address book.

Keep a low profile and don't make statements that are overly inflated. Clearly, you need to make a statement about your efforts to comply with GDPR, which you will then want to include on your website. It's a good idea not to overshoot here by declaring something that isn't quite true. Attracting the attention of the European Commission regulators is surely the last thing you want.

If you're not sure whether you've covered everything you need to run your business to be GDPR compliant, don't hesitate to contact us. We have specialists on our team who can advise you on these issues.