We need to have THE TALK. Yes, yes, we need to talk about GDPR. The General Data Protection Regulation comes into effect today and it’s going to change the way all businesses communicate and manage the data of European clients. But we bet you already know this since your inbox has most certainly been flooded with GDPR related emails. A necessary evil we must say.

Now it’s time to look at the other side of your inbox, so to speak. Because if you’re running a business and you’re storing even the most basic data about European customers, you need to make sure you’re GDPR compliant. No, this is not a good time to be a rebel, because you can be fined up to 4% of your global revenue if you miss even the slightest detail.

However, since GDPR is a piece of heavy and highly complex regulation, the 25th of May is just a beginning for a long-term transition. And while we believe regulators will ease into it and allow you time to work your way towards full-compliance, there’s no certainty. What’s more, we’re certain you truly care about your clients’ data and recognize that this will do everybody a lot of good.

Thus, let’s go over what GDPR implies, what you should have done until now and what you need to do next.

 

What are the main requirements of GDPR?

As we’ve already mentioned, GDPR is a tough nugget to crack. Actually, most experts advise companies to create internal departments or outsource data management to professionals in order to ensure GDPR is properly respected. Why? Well, because it’s a long document, written in legislative terms that can be hard to decipher. However, since entire departments and outsourcing cost quite a few bucks, here are the basic requirements you must adhere to:

1. Ensure data control and data security

This means that you can only process data for the purposes you’ve been authorized to. What’s more, you must make sure all data is used accurately and without losing integrity, with the minimal exposure for the subjects’ identity. But that’s not all. You must take all the necessary measures to ensure data protection and install the safeguarding solutions to keep data for additional processing.

2. Allow data subjects to revoke consent

If a contact gave you permission today to use their data, that doesn’t mean you’ll still have that consent tomorrow. Actually, it’s stipulated in the GDPR that you cannot keep their data indefinitely. In case a contact or partner expresses their wish to have their data completely erased from your databases, you are bound to do so, excepting the case in which there are legal reasons that specify otherwise.

3. Mitigate privacy and security risks

You must be very thoughtful with regard to the data you guard and conduct a full risk assessment. Based on this, you’ll have to implement the needed measures to demonstrate you are mitigating risks.

4. Offer prompt breach notifications

In the case of a security breach, you are expected to notify authorities in no more than 72 hours and give a full report on the threats. What’s more, you must directly communicate the details to all the parties involved who are at risk.

 

How to make sure you are GDPR compliant?

Now that you better understand what GDPR entails, you need to make sure you adhere to its requirements. At a first glance it sounds overwhelming, but don’t stress yourself more than you should. You can do it! You simply need to follow these steps thoroughly and don’t be afraid to ask for outside help if you can’t take care of all the details yourself.

1. Start with an Audit for all the data you hold

Whether you’re managing a small database with basic info for newsletter purposes or your operations include more complex data management, you need to make sure you count everything in. To do that, you must access all your data sources, no matter in which format you have them. All personal data stored by you must be tracked in an inventory. This inventory will come in handy when you’ll have to think about how to ensure data security and avoid risks.

Once your data audit is complete, you need to organize your data for better handling. Extract categorize and catalog data. It’s going to make everything so much easier! And you’ll see exactly how much of your current data falls under GDPR protection. Currently, GDPR protects the following type of data:

  • basic data and info such as name, address
  • web identification related data such as IP, cookies, location
  • demographic data
  • data regarding political preferences
  • biometric data
  • racial/ethnic data
  • sexual orientation

2. Assess the risks to your current data

Next on the list: identifying the potential risks and security threats that may affect the data you hold. Knowing your “enemies” is essential in creating a security solution that will keep them away, so to speak. And while knowing where your data is and how it’s stored is essential, knowing which risks can damage it is even more vital. Here’s where all the difference lies.

3. Review policies and procedures

With all this knowledge power in your hands, now it’s the time to act! You must begin by drafting your privacy policy and asking for the consent of your subjects to be able to continue to process their data. Also, you must apply the needed security measures to reduce the potential risks you identified or any other possible future risks. Here you need to get your IT and data management specialists involved, as the domains the procedures cover are quite extensive.

4. Keep a close eye on your data and conduct regular audits

From now on, data gathering, storing, protection and processing must be at the top of your priorities. You must make sure you are able to store the data in perfect safety and comply with the requirements of your clients or partners in case they want to vanish from your lists. Also, you must keep a completely transparent agenda and inform data subjects about everything that’s happening with their info. This is an on-going process and you must adhere to its norms no matter what.

 

What to make of everything

While at a first glance GDPR seems to be one more thing to do on your already busy list, it is, in fact, a way to protect all of us. Data security and privacy are becoming more and more vulnerable and it’s up to all of us to restore balance. We need to understand that in the era of information, data is absolute power. In the wrong hands, data manipulation becomes a piece of cake. A cake that’s very hard to swallow. So, let’s do the right thing. Among all of us, the Internet and Social Media can regain the positive power and impact they were always meant toc have. Let’s use our powers for good. There’s no other way!

Write A Comment