May 10, 2017

How to Create a Calendar for GDPR Compliance

Complying with the new General Data Protection Regulation (GDPR) will be a big deal for companies that do business in Europe. The GDPR provisions go into full effect in May of 2018, so it's vital to begin planning now for full compliance. Here's a breakdown of how to bring your systems and practices up to speed in a timely manner. You have one year to achieve compliance, so you can conveniently break the process into quarters.


Quarter One: Measure the Scope of the Changes You Need to Make

The first step is to understand how far you have to go to meet the new criteria. If you don't already have a crystal-clear understanding of the GDPR and how the new standards will impact your business, then this is where you should begin. Learn about the provisions that will impact your business, and talk to people inside your organization to get a sense of how far your current practices are from meeting the standards. Be sure you understand what changes you need to implement to be in compliance. Make a list, broken down by department or function, of the ways your current practices fall short.

Quarter Two: Craft a Plan to Meet the Standards

Use the data you've collected to communicate the urgency and scope of the problem to your board and to anyone else whose support you will need. Then roll up your sleeves and start crafting a plan. Make sure to cover key areas like ensuring vendor compliance and rewriting all your online forms to include compliant opt-in language. Name one person to be responsible for overseeing the implementation of each piece of the plan, and give them solid deadlines and interim goals so you can track their progress. Consider outsourcing some of the work if you don't have the expertise in-house.

Quarter Three: Change Your Opt-in Language and Start Vetting Vendors

The easiest step to implement early is the legal language in your forms. Have your attorney draft new language that meets the more stringent GDPR criteria and incorporate it into any forms where you collect information. Discuss with your attorney how to handle existing data that was collected using older language. Also, prepare your systems for removal requests — the new standard requires that you completely remove user data from your system if the customer requests it, so you'll need a new system for handling those requests. You can also start surveying your vendors at this time to make sure they have plans in place to be GDPR compliant in time.

Quarter Four: Implement Changes in Your Systems

Don't wait until May 2018 to put your new systems in place. Start implementing any hardware, programming, or cloud-based storage changes in the months leading up to the deadline. If you implement all the changes at once, it will be impossible to track down the source of any bugs or glitches. Test each change before you implement the next one.

The GDPR rules are intimidating because the consequences for violating them include fines serious enough to destroy a business. Breaking the process into these quarterly steps will help ease the transition.