Despite the deadline for GDPR passing, compliance is always ongoing. In this new GDPR world, there is still much uncertainty about some of the technicalities of the regulation, and many organisations are still not fully compliant. Whilst there may be some initial leniency from regulators in the early stages of legislation, breaching GDPR could still result in fines of €20 million or 4% of annual turnover, whichever is greater.
Kindus provides support and advice throughout the migration to GDPR compliance. This runs from a gap analysis identifying areas for attention, through to data security provision, advice and staff training. Here are some of the main steps needed to become GDPR-compliant:
- Awareness – Ensure all staff are aware of the requirements of GDPR and how it will affect their working practices.
- Privacy – Review your existing data privacy procedures and ensure they will meet the new GDPR standards.
- Right to be forgotten – Consider how you will identify and delete personal data when requested.
- Access requests – How will individuals’ data access requests be handled within the GDPR legislation time frame?
- Consent – Has this been granted, and are existing procedures robust enough for GDPR?
- Data loss – Ensure that appropriate measures are in place to protect personal data.
- Privacy by design – New procedures for data gathering will need to ensure that personal data is protected as it is gathered.
- Data controller – Someone must be appointed to oversee and take charge of the new data protection procedures.
For more information on GDPR, please read our blog post on the ways organisations are responding to the demands of the regulation.
The aftermath of GDPR