Is your company ready for the GDPR?

 



As some of you may know, the new General Data Protection Regulation (from now on, GDPR) began to apply on May 25th 2018. This implies adaptations in the business environment, which many companies are already applying and which will be implemented the same day.

Why this change?

In recent years there has been an economic and social integration of the Union’s internal market, creating a considerable increase in the exchange of personal data between private and public entities and individuals.

Another of the main reasons is the increasingly advanced technological evolution and its globalization, bringing with it a greater flow of information among citizens. This allows personal data to be used in a way that is difficult to quantify. Therefore, there is a need to provide greater protection to the end user when transmitting their personal data, thus requiring a more solid and coherent framework for data protection within the European Union.

But where do I start adapting my company?

As you could have deduced, all those companies that deal with personal data that are within the EU, as well as those that deal with citizens belonging to the EU, must adapt to this new regulation.

If you do not know where to start adapting to these changes, the UK data protection agency provides you with several free tools for this.
One of them is the IT Governance GDPR compliance checklist, which you can download at the following link:

IT Governance GDPR Compliance checklist

If this has not been practical for your company, you will see that they also provide some steps to follow when making the adaptation. You can see them at the following link:

GDPR steps to follow




What steps should I take?

At Reviso, we recommend, first of all, that you take any questions you may have about the GDPR to the experts of the UK Agency for Data Protection, as we mentioned before.

However, here are some tips on how to do it:

  1. The people who make up the company should be aware of this change. You should consider the impact it can have on the activity of your company and which departments it can affect most.
  2. The origin of all personal documents that are handled must be known, as well as the authorization to process them, with whom they have been shared and for what purposes.
  3. Review the current privacy notices with which we work, as well as the procedures we have to collect personal information (an example would be the web form that is used to collect information from candidates for a job), and update them to the new regulation, with vocabulary that facilitates concise and clear language. This point entails the revision of the legal basis that we currently have for the processing of personal data, as well as the explicit consent.
  4. If we work with data of minors, these terms should also be reviewed and updated.
  5. Finally, if our company operates internationally, it must be determined to which data protection supervisory authority it must submit.

We know that new changes can be scary and sometimes cause more than one issue. However, our advice is that you get involved with this matter as soon as possible.

