How to Create a Calendar for GDPR Compliance : eAskme
Quarter One: Measure the Scope of the Changes You Need to Make
The first step is to understand how far you have to go to meet the new criteria. If you don't already have a crystal-clear understanding of the GDPR and how the new standards will impact your business, then this is where you should begin. Learn about the provisions that will impact your business, and talk to people inside your organization to get a sense of how far your current practices are from meeting the standards. Be sure you understand what changes you need to implement to be in compliance. Make a list, broken down by department or function, of the ways your current practices fall short.
Quarter Two: Craft a Plan to Meet the Standards
Use the data you've collected to communicate the urgency and scope of the problem to your board and to anyone else whose support you will need. Then roll up your sleeves and start crafting a plan. Make sure to cover key areas like ensuring vendor compliance and rewriting all your online forms to include compliant opt-in language. Name one person to be responsible for overseeing the implementation of each piece of the plan, and give them solid deadlines and interim goals so you can track their progress. Consider outsourcing some of the work if you don't have the expertise in-house.
Quarter Three: Change Your Opt-in Language and Start Vetting Vendors
The easiest step to implement early is the legal language in your forms. Have your attorney draft new language that meets the more stringent GDPR criteria and incorporate it into any forms where you collect information. Discuss with your attorney how to handle existing data that was collected using older language. Also, prepare your systems for removal requests — the new standard requires that you completely remove user data from your system if the customer requests it, so you'll need a new system for handling those requests. You can also start surveying your vendors at this time to make sure they have plans in place to be GDPR compliant in time.
Quarter Four: Implement Changes in Your Systems
Don't wait until May 2018 to put your new systems in place. Start implementing any hardware, programming, or cloud-based storage changes in the months leading up to the deadline. If you implement all the changes at once, it will be impossible to track down the source of any bugs or glitches. Test each change before you implement the next one.
The GDPR rules are intimidating because the consequences for violating them include fines serious enough to destroy a business. Breaking the process into these quarterly steps will help ease the transition.