3 ways to prepare for GDPR
GDPR is the acronym on everybody’s lips. And for the right reasons, as this is one EU regulation that spreads its tentacles all around the world.
If you can see past the apocalyptic aura created around May 25th, you will realise that GDPR is not aimed at shutting down businesses and putting economies on hold until companies get their act together, as also explained here. GDPR aims to increase data protection during times when more and more personal information is shared online and to raise awareness among companies and citizens, so that the impact of any potential breach is as minimal as possible.
In general, the best places to start reading about GDPR are websites like the Information Commissioner’s Office or ANSPDCP, which should cover anything you need. And once you start digging, you will quickly learn that there are three steps you should be taking irrespective of the scale of your business.
- Firstly, understand what Personally Identifiable Information (PII) you hold and process, where and for how long. To confidently take any steps towards compliance and change the way you collect, store or process data, you must sit down with all your teams and run a full audit on your PII. Do not underestimate the amount of effort that goes into this.
- Once that is done, perform the risk analysis and share the conclusions with the relevant stakeholders. You must identify, evaluate and prioritize the risks found, so that you can mobilize company resources to minimize, monitor, and control the probability or impact of unfortunate events. And getting this done right makes the difference between failure and success.
- Finally, check your practices and your existing consents and refresh them if they don’t meet the GDPR standard. Consent requires a positive opt-in, must be explicit, specific and “granular”, simple to understand and easy to withdraw from. GDPR sets a high standard for consent and you should too.
Of course, these aren’t the only steps to take, but they cover a lot of ground and you should act quickly to get them done, because what few people are telling you is that GDPR is already here. The 25th of May is not the day to start doing things right; it is the date when control bodies will start looking to see if you are. The date when you should start doing things right is today. And if you document everything you do and understand that being compliant means showing you adhere to this conduct every day in your business operations, then, in the event of a breach, that documented record might just be what saves you.
Andreea Baloi is a Contributor on Outsourcing Advisors
Andreea is a bold and brutally honest IT professional, with over 10 years’ experience in Management and more than 5 running Business Operations. Her background lies in customer support, where she strives to achieve excellence in offering assistance, while inspiring and helping her team to build the skills and strategies needed to develop and grow their IT careers.
Andreea is really passionate about women’s empowerment, leadership and personal growth, and she’s constantly using her online presence to raise awareness about these topics. She enjoys reading and uses writing as a form of meditation and of expressing creativity. When she’s not working, Andreea spends time with her friends and family, usually trying to get her 10-year-old nephew to still enjoy her company. You might also find her travelling to new places, doing yoga, watching Netflix or occasionally going out dancing.