Getting ready for the GDPR means, for example:
- Revise (or create) your internal privacy policies as well as privacy notices to end users
- Register with the applicable authorities in the EU
- Appoint a DPO
- Be prepared to respond to data subject requests fully and in a timely manner
- Create documentation that will support your accountability obligations under the GDPR
- Assess and if required, change data flows, access controls and processes in your organization
- Assess and implement data protection measures that may not be in place currently
- Conduct DPIA (Data Protection Impact Assessment) to determine risk and vulnerabilities
- Re-think how you design new products, by making privacy one of the considerations taken into account
- Train and keep your employees well informed and aware of privacy considerations in any action or operation they are involved in
- Assess your partners and vendors, to ensure you are working with third parties that are also GDPR compliant
These are of course only examples, and each organization that is bound by the GDPR must make sure to set its own “to do list”, towards achieving GDPR compliance. Please visit our “Services” section [link] to learn more on how we can help you get ready and keep ongoing compliance with the GDPR.