GDPR : Get ready in 13 steps

Inform key people and decision-makers about upcoming changes, and evaluate the impact that the GDPR will have on the company or organization.

List all personal data you keep, note their source and list people with whom you shared them. Record your treatments. You may have to organize an information audit for this purpose.

Evaluate your existing privacy policy statement and make any necessary changes in light of the GPRD regulations.

Check whether current procedures within your company or organization are in conformity with  for all people rights, including the way in which personal data can be deleted or communicated.

Update your existing procedures and think about how you will now process access requests with respect to new GDPR deadlines.

Keep track of the different types of data processing you perform and identify the legal basis for each one.

Evaluate how you request, obtain and record people consent and make all necessary changes.

Develop systems to verify the age of people and ask the parent (s) or guardian (s) before processing minors’ data.

Provide adequate procedures to detect, report and analyze personal data leaks.

Get familiar with “data protection from the design stage” and “data protection impact analysis” and examine how you can implement these concepts in your business or organization.

If necessary appoint a data protection officer or a person who is responsible for complying with data protection rules. Evaluate the place this person has within your structure and within your company policy.

Determine which supervisory body you shourd report to if your company or organization is active wordwide..

Evaluate your existing contracts – especially with subcontractors – and make the necessary changes in a timely manner.