Are you ready for the General Data Protection Regulation (GDPR)?
The General Data Protection Regulation, also known as GDPR, goes into effect on 25 May 2018. To help you prepare, we’ve put together a high-level checklist of things you should be doing to get ready for this new EU regulation.
Things You Should Be Doing:
1. Raise awareness of the importance of GDPR compliance with organization leaders
2. Review existing privacy & security efforts to identify strengths & weaknesses
3. Identify all the systems where the organization stores personal data & create a data inventory
4. Create a register of data processing activities & carry out a data protection impact assessment (DPIA, also called a privacy impact assessment) for each high-risk activity
5. Ensure privacy notices are present wherever personal data is collected
6. Implement controls to limit the organization’s use of data to the purposes for which it collected the data
7. Establish procedures to respond to data subject requests for access, rectification, objection, restriction, portability, & deletion (right to be forgotten)
8. Put written data processing agreements in place with affiliates & vendors that collect or receive personal data on your behalf, as required for processors under Article 28
9. Establish a standing privacy impact assessment process so new projects & processing activities are assessed before they launch
10. Administer employee & vendor privacy and security awareness training
11. Compile copies of privacy notices & consent forms, the data inventory & register of data processing activities, written policies & procedures, training materials, intra-company data transfer agreements, & vendor contracts
12. If required, appoint a data protection officer & identify the appropriate lead EU supervisory authority
13. Conduct periodic risk assessments & revisit this checklist as your processing activities change