Why You Need a Good GDPR Implementation Plan
In May of 2018, GDPR enforcement goes live. Does your company have a good GDPR implementation plan? Here’s why you need one, and the best way to get started.
On May 25 of this year, the European Union will put the General Data Protection Regulation into effect. It will be a huge regulatory overhaul, and two-thirds of U.S. businesses expect to make significant changes because of it.
So what do you need to know to set up a GDPR implementation plan? Read on to find out.
What is the GDPR?
The GDPR will increase protections on the personal data of European citizens. It lays out a set of digital security rules that apply in each of the 28 European Union member countries, and apply to any company that deals with the data of European citizens. If any of your users are Europeans, or you want to have European users in the future, you need to have a GDPR implementation plan.
If you don’t comply with GDPR, you can expect fines equal to 4% of your company’s annual revenue or 20 million euros, whichever is more.
What Are the Requirements?
To understand the GDPR, think of it as a set of “digital rights.” Each European citizen will have the right to:
- have their data erased (the right to be forgotten).
- access their data.
- modify their data.
- move their data to a different IT environment.
Your company needs to provide these services free of charge and in an easy-to-understand way.
In addition, the GDPR mandates that your company provide a reasonable level of protection for users’ personal data. However, it doesn’t define what “reasonable” means.
Most likely, the courts will define a standard over time by penalizing companies and setting precedents. For now, it’s better to be safe than sorry.
Your GDPR implementation plan is a great opportunity to update your company’s security infrastructure. These are changes you should make anyway if you want to compete in today’s data-driven business climate.
But making these changes internally won’t be easy, especially if you run a small company. Don’t be afraid to hire outside help. A professional data protection officer (DPO) will provide specialized expertise without bias.
With the help of your DPO, you’ll want to do a complete data audit of your entire system. Map out all the locations where you store users’ personal information and all the other companies with which you share that information.
Your employees might use mobile apps to deal with users’ data. Make sure that these apps are GDPR compliant, and talk to your employees about the importance of GDPR compliance.
Be careful and thorough. Your data system is probably large and complex, but you need to ensure that every piece of it complies with GDPR.
You’ll also need to comply with GDPR rules about legal consent. You must display terms and conditions in an easy-to-understand way, and users must actively consent to them; that means no more checkboxes that are checked by default.
The GDPR also treats children’s data differently than adults’ data. That means that anytime you’re asking a user for personal data, you must also ask for their age. Under the GDPR, children under 16 need parental permission to hand over their data.
Initiate Your GDPR Implementation Plan Today
Time is running out. Make the necessary changes now or pay the price in fines and lost customers.
You can make your company GDPR compliant, but you need to make it a priority. Contact us for help at any step of the way.