Checklist for the GDPR Preparation

We all know that GDPR is only a year ahead of us and we have to do many things to get ready. To make sure your organization hits all the important aspects of this topic I am happy to share this GDPR Preparation checklist with you.

GDPR Preparation 

This checklist was published in an earlier stage at GDPR Associates.

GDPR Associates 

An Association of experts around the globe brought together to assist clients to better understand the implications of GDPR, to share knowledge, advice & guidance.

We are experts in identifying the technology, talent, legal and auditing skills you need to ensure you have a complete, secure, defensible GDPR strategy, allowing you to focus on building your brand, customer, employee and supplier confidence in the digital economy, whilst mitigating the impact of any potential data breach.

The Checklist
Assess current Data systems, policies and procedures
  • Be aware of what kind of data is held, where it is stored and how the protection is set up. What kind of software and technology is in place to protect data?
  • Review the current data-related policies and procedures, including encryption, remote access, mobile devices, sensitive information, HR exit procedures, third parties and data breach notifications.
  • Consider requesting a third-party data security company to carry out an objective assessment.
Identify risks and gaps to meet the GDPR requirements
  • Are the current systems, policies and procedures adequate to protect data? Are there any risks of data breaches?
  • Individuals’ rights – are there systems in place to transfer personal data to other companies and to delete personal data if requested?
  • Are requests for permission to use customers’ personal data clear on the purpose and period of time?
Identify solutions and create a timeline to implement them
  • Research suitable solutions for any identified risks or gaps.
  • Solutions must be implemented before the GDPR comes into force.
Designate a Data Protection Officer or lead contact
  • A Data Protection Officer can be appointed if mandatory for the business. Or an internal lead contact person can be appointed for data protection initiatives and to communicate with the Data Protection Authority.
  • The Data Protection Officer or lead contact should communicate with senior management to discuss data protection strategies and for approval.
Staff training and awareness
  • Ensure that the staff  is aware of the importance of data protection and any new processes to comply with the GDPR.
  • Ensure internal teams communicate with each other to maintain data protection, such as IT, Security, Legal and Compliance teams.

I hope this GDPR Preparation Checklist will help you to grow your strategy around the regulations. There is no avoiding possible. Try to make this part of your data strategy instead. With the right communication you can be able to turn this regulation challenge into commercial benefits.