The new EU General Data Protection Regulation of the European Union will have a wide impact on how data of EU citizens can be stored – and business are well advised to not take it lightly. Companies face strict fines for not complying with GDPR standards and fines can make up to 4% of annual global turnover. The new regulation will not only affect companies inside the European Union, but also entities that provide goods and services in the EU in general. With the new regulation, the European institutions aim to strengthen and unify data protection for all individuals in the European Union and give its citizens control back over their personal data. This data may include contact information, credit card information and/or social security numbers etc.
The regulation will be enforced from May 2018, so now is the perfect time for companies who hold data of EU citizens to take the necessary steps to stay compliant with GDPR in the future. Optimizing your processes with these five steps will help you tackle the new regulations:
- Identify Risks
To evaluate and determine which data you have that might fall under the GDPR is a first necessary step to know if you have to change existing workflows. Where does your data currently reside? How does it move through your system? How long has data been stored in general? Do you have measures in place to change, erase or anonymize your data? Identify qualified staff members to specifically tackle these questions and compile a comprehensive inventory of your data management. Once the inventory of personal data is complete, establish a policy for handling that data in compliance with the new regulation. Check if your policies concerning proper security and exposure of personal data are up to code and up to date. Potential risks should be categorized and relayed to task owners.
- Involve your legal department
If you have a legal department that can oversee and advise your risk management team, all the better. Seeing that legal qualifications can reach highly detailed levels it is vital to have experts on board, who can point out crucial issues or give vital insights.
- Change workflows
For your data storing to be GDPR compliant, a change in existing procedures may be necessary. You may need to inform individuals when and why personal data is collected and request that individuals give explicit consent to retain personal information.
- Develop a protocol
Lay down standard procedure on how to handle personal data. How do you want to handle inbound requests? Who is responsible for this? When does information have to be stored for legal, business, or other reasons? Each area should be thoroughly considered with the protocol clearly communicated to all key stakeholders.
- Communicate new measures
Inform your customers, vendors, and employees about your steps to tackle GDPR and relay new procedures to safeguard their personal information. Let them know how much you care about their privacy and your role as the custodian of their personal data. Be sure to communicate that you are taking the regulation seriously.
“Companies that communicate to their customers that they take the security of their personal data very seriously, can expect to receive positive responses and can strategically market this gratitude to work on their overall brand and consumer trust”, explains Christoph Dubies, chief strategy officer at Hanse Orga Group. Hanse Orga Group provides data and document management solutions that help streamline the process to keep your business compliant. The new regulations will affect companies worldwide, regardless if they are located in the EU or not. Non-compliance could be costly business for companies and by building your data storage around these five critical areas, you can ensure that your company is ready for the GDPR.