Get Ready for GDPR with this Last-Minute Checklist


25th May has almost dawned upon us and the moment we all have been preparing for is here! As you may have noticed from reading the latest tech news and emails, the implementation of GDPR law begins from 25th May 2018. By now you must be aware of the potential for heavy fines with the enforcement of this law. If you still haven’t begun making the necessary changes, here is a last-minute checklist to ensure your organization is compliant with GDPR.

Create a DataMap

According to Article 30 of GDPR, data controllers and processors should have a record of processing containing certain high-level attributes such as the purpose of processing, a description of categories of the data subjects, etc. Create a detailed data map to track the flow of your data elements. If you don’t have a data map in place, life could become more difficult while responding to a personal data breach or a data subject breach. Along with this, a data map can also be useful for improving your understanding of the scope of GDPR.

Privacy by Design

A start-to-end data protection policy can help make your organization compliant with GDPR. This should include everything from ensuring data security to deleting this data from storage. Since there is absolutely no time left, a short-term solution is to conduct an audit of the security you already have in place. Quickly implement changes to fix any weaknesses you find in your security system. Make minor changes such as obtaining an SSL certificate, backing up your website data, ensuring your firewall is in place and scanning your email and website for any viruses. If you feel your passwords are weak, now would be a good time to change them to strong ones.


Tweak your privacy policy according to GDPR laws

Many organizations have made changes to their existing privacy policy to be in line with GDPR requirements. If you still haven’t updated your privacy policy, now is the time you should start working on it! Privacy policies are useful for explaining to your users how and why you are collecting their data and how it is used. After correcting and updating your privacy policy, you should notify your customers and clients with an email that includes a link to the amended privacy policy.


Update other policies

If your website includes other policies, such as terms and conditions or a cookie policy, that involve the use of personal data, make sure to update them in accordance with GDPR. While previously just loading a website’s landing page or scrolling through it was enough to establish consent, GDPR has changed this and a visitor needs to give his consent freely, specifically, and in an unambiguous manner.

Include your HR in the automated profiling decisions

If your business involves making automated decisions based on data profiles, then GDPR is about to change it all. Following the enforcement of GDPR, individuals can refuse to be the subject of a decision that is based on automated processing.

With the deadline approaching sooner rather than later, it is important to begin addressing the changes that will be imposed by GDPR. In case of any queries, you can even check out the Guide to the General Data Protection Regulation for more information.

Keep reading iTMunch for the latest news, updates, and blogs.