How to meet GDPR requirements step by step
Here are 10 steps to avoid fines and prepare for a successful implementation of the new EU regulation.
GDPR has rightly entered the consciousness of businesses in the Czech Republic. Most of them are aware of the new regulation and accept that it will bring major changes.
The EU regulation will affect companies and individuals who handle the personal data of EU citizens. It will require new processes and stricter protections for this sensitive data.
The regulation is drawing a lot of attention from everyone affected, because of the high fines for non-compliance with GDPR rules and the relatively short time left to prepare properly.
The GDPR applies from 25 May 2018, so we are already providing 10 steps to avoid fines and calmly prepare for the successful implementation of the measures required by the new EU regulation.
Across Europe, legal and IT departments are preparing appropriate internal regulations for their organisations. Individuals will need to ensure that they translate the new regulations into practice in their day-to-day work.
How to go about implementing the GDPR?
Before you begin to address the measures in your company, ask yourself the fundamental question: how do your employees actually view and handle the protection of sensitive data in your organisation? We have prepared some simple and easy-to-understand steps to guide you in preparing your measures for smooth handling of the GDPR requirements.
- Do an analysis and find out which specific parts of GDPR apply to you
- Determine which data protection authority you fall under with respect to your company's area of operation
- Create a list of all personal data that you handle in the company
- Check, edit or create privacy notices that you use to tell affected individuals how their personal data will be handled
- Be transparent and open: let people know what personal data you collect and for what purpose
- Support each reason for collecting personal data with a legal basis; have a legally watertight justification for collecting it
- Verify that the consent you obtain for processing personal data meets the GDPR requirements: it must be specific, informed, unambiguous and unconditional
- Caution on obtaining consent from children! GDPR significantly tightens the collection of personal data from minors. If you work with them, focus on this area.
- Secure the system! Take measures to prevent data leakage and establish incident procedures in case a leak does occur.
- Appoint your DPO (Data Protection Officer), the person who oversees, reports on and is responsible for compliance with data protection measures, and consult with them regularly during the preparation process.
If you are interested in details, do not understand something or need any other information, contact us. We will be happy to advise and address your needs and questions individually.