Six Ways to Prepare for GDPR Right Now!
The European Union (EU) General Data Protection Regulation (GDPR) is just two days away from going into effect. Although it was passed in 2016, companies worldwide are scrambling to comply with requirements intended to protect the personal data of people in the EU. It is estimated that only half of the companies required to comply will be ready by the May 25th deadline.
In case this is news to you, the GDPR is an EU regulation that takes effect on the 25th of May, 2018, replacing the 1995 Data Protection Directive. It sets data privacy standards that give people in the EU more control over their personal data.
- Determine if GDPR applies to your organization
- Determine if your organization is a data controller or processor
- Document what type of data you collect
- Check your cookie usage
- Update your privacy policies and terms of service
- Repaper Consent
An organization must comply with the GDPR if it has a business presence in the EU, or if it collects or processes the personal data of people in the EU while offering them goods or services (including marketing to them) or monitoring their behaviour, for example through web tracking. This applies even if the business is based outside the European Union.
A data controller is a person or organization that determines the purposes, conditions, and methods of processing personal data about people in the EU. A data processor handles that data on a controller's behalf, as a hosted email or analytics provider does. If your organization is either of these, you should be working on your privacy policies and data handling procedures.
It is difficult to determine whether the GDPR applies to your organization if you do not know what personal data it collects and processes, so document it. People whose data a company uses must be made aware of this. They have the right to request access to their data and to learn what it is being used for, and the right to have it corrected. They also have the right to erasure, also known as the Right to Be Forgotten: they can elect to have their data removed from controllers and from the processors those controllers passed it to.
After determining what type of data your organization collects, take an inventory of the cookies your website sets. If you are not sure, a browser extension such as Ghostery will show you which cookies and trackers a page is running; an intercepting proxy or the browser's developer tools will show the Set-Cookie headers themselves, including those set by third-party hosts, which is what you need for a complete inventory.
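As an added example (not code from the original post), the following Python script turns Set-Cookie headers captured during a page load into the kind of inventory the step above asks for: which host set each cookie, whether it is first-party or third-party relative to the audited site, whether it outlives the session, and whether it carries the Secure and HttpOnly flags. The site name, the captured headers, and the needs_consent rule are constructed assumptions for illustration; it uses only the standard library.

```python
"""Cookie inventory from captured Set-Cookie headers (added example, not from
the original post). Input is a list of (response URL, Set-Cookie header) pairs
as exported from browser devtools or an intercepting proxy."""
from http.cookies import SimpleCookie
from urllib.parse import urlparse

SITE_HOST = "www.example.com"  # assumption: the site being audited

# Constructed sample capture of one page load (not real data).
CAPTURED = [
    ("https://www.example.com/", "sessionid=abc123; Path=/; Secure; HttpOnly"),
    ("https://www.example.com/", "lang=en; Path=/; Max-Age=31536000"),
    ("https://cdn.example.com/app.js", "cdn_cache=1; Domain=.example.com; Max-Age=86400"),
    ("https://tracker.example.net/pixel.gif",
     "uid=9f8e7d; Domain=.tracker.example.net; Expires=Wed, 25 May 2020 00:00:00 GMT"),
]


def registrable_domain(host):
    """Last two labels of a hostname. Assumption: no public-suffix handling,
    so 'co.uk'-style suffixes would be misclassified; use a PSL library for
    a real audit."""
    return ".".join(host.lower().strip(".").split(".")[-2:])


def classify(response_url, set_cookie, site_host=SITE_HOST):
    """Parse one Set-Cookie header into inventory rows (one per cookie)."""
    rows = []
    if not set_cookie:
        return rows
    jar = SimpleCookie()
    jar.load(set_cookie)
    response_host = urlparse(response_url).hostname or ""
    for name, morsel in jar.items():
        # A Domain attribute widens the cookie's scope beyond the responding host.
        scope = (morsel["domain"] or response_host).lstrip(".").lower()
        first_party = registrable_domain(scope) == registrable_domain(site_host)
        # Max-Age or Expires makes the cookie persistent; otherwise it dies with the session.
        persistent = bool(morsel["max-age"] or morsel["expires"])
        rows.append({
            "name": name,
            "set_by": response_host,
            "scope": scope,
            "party": "first" if first_party else "third",
            "lifetime": "persistent" if persistent else "session",
            "secure": bool(morsel["secure"]),
            "httponly": bool(morsel["httponly"]),
        })
    return rows


def inventory(captured=CAPTURED, site_host=SITE_HOST):
    """Inventory rows for every captured response, in capture order."""
    rows = []
    for url, header in captured:
        rows.extend(classify(url, header, site_host))
    return rows


def needs_consent(rows):
    """Cookie names a consent prompt must cover. Assumed rule for the example:
    anything third-party or persistent; strictly necessary session cookies are
    left out. Your own legal review decides the real rule."""
    return [r["name"] for r in rows
            if r["party"] == "third" or r["lifetime"] == "persistent"]


if __name__ == "__main__":
    for r in inventory():
        print("{name:10} {party}-party {lifetime:10} set by {set_by} "
              "(scope {scope}) secure={secure} httponly={httponly}".format(**r))
    print("needs consent:", needs_consent(inventory()))
```

Feed it the Set-Cookie lines from a real capture and compare the third-party rows against the processors listed in your privacy policy; any host that sets a cookie but is not named there is a gap in your documentation.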
You may find that you need to obtain consent from your email subscribers. Personal data can only be used for the purposes that were stated when the user gave consent. People will have to be informed and opt in to receiving all content. They must also opt in to most cookies and tracking, including the third-party cookies set by data processors.
Complying with the GDPR is not as simple as this list makes it sound. It is a complicated process that needs to begin with understanding and documenting your data collection and processing activities. If your organization is already compliant with the older Data Protection Act (DPA), then complying with the GDPR will be a bit easier.
Michelle writes about cyber security and data privacy, focusing on social media privacy and on how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute and published a guide to Cyber Security for Business Travelers.