GDPR’s First Impressions in European Companies
To understand what the practical journey of adapting to the new data privacy laws will look like, it helps to look at how companies in Europe adapted to GDPR. Where did they start, and what measures did they take to comply with the GDPR?
1. Read the law and discover the objective, requirements, and penalties of GDPR
“You cannot prosper in GDPR if you don’t understand it. Reading the legislation, articles, and participating in discussion forums, as well as spreading this knowledge to the rest of the company. Sorry, but just reading a few short articles is not enough,” Tony Kim, CMO of HEXONET Services Inc.
2. Map the data (WHAT, HOW AND WHERE) and ask for consent
Did you receive consent to collect user data? If you’re not sure, send a notice to customers, explaining what data you’re currently collecting.
How is this data collected? You must notify users of the data you are collecting, the reason, and what you are doing with the data. Users must consent and be able to access and/or delete this data at any time.
Where is this data stored? Companies must inform users where and for how long the data will be stored, and how it will be kept confidential.
“Information is power, but sometimes less is more. To achieve GDPR requirements, it is important to focus on what you really need to do your job,” Sophie Miles, CEO of CalculatorBuddy.com.
3. Hire professional assistance
The GDPR requires organizations to hire specialized professionals, such as the Data Protection Officer (DPO). Data protection lawyers may also be required.
Robert Rauch, President and CEO of RAR Hospitality, says: “There is an important difference between a ‘technology specialist’ and an IT specialist. Immediately after hearing about the GDPR, we hired an IT specialist with experience in the industry. There were two areas we focused on: GDPR and Compliance.”
4. Update the Privacy Policy and Documentation
The most important thing about GDPR is its commitment to privacy. To ensure compliance, the company must document all processes, people, reviews, audits, and problem handling.
“As a BlackBerry DPS, I have been working with a cross-functional cybersecurity and legal support team for some time. We have kept records and documentation of our compliance efforts and updated our internal policies and processes to ensure that privacy is built into our thinking, from the way we develop our products to the way we engage with our customers,” David Blonder, global director of data protection at BlackBerry.
“We have updated our Privacy Policy and End User Subscription Agreement. And to give visibility to how we process data, we have also created a new Data Processing Agreement with additional information about security, your right to have personal data, and more,” said Zak Pines.
“Having a documented data map helps a lot to have ‘demonstrable proof’ of efforts to comply with the legislation,” he added.