Countdown to GDPR #10: A GDPR Compliance Checklist
We’ve made it all the way to number 10 in our blog series, and just in time for Friday, May 25, 2018, the date the GDPR will become enforceable. But relax, we’re here to provide you with peace of mind in the last blog of our GDPR series with tips and pointers to keep you GDPR compliant — on May 25, and beyond.
Your GDPR Compliance Checklist
Let’s walk through the key GDPR requirements:
- These two articles – the Right to Be Forgotten and Privacy by Design and by Default – are amongst the most significant. Apart from checking that your product/service design takes them into consideration, your Customer Communication and User Experience should actively seek customer consent with clear affirmative action and active opt-ins.
- Organization-wide training and education on the policies and implications of GDPR, involving engineering, management, design and legal teams, would help to kickstart and sustain your GDPR compliance. Even so, GDPR requires that you designate a Data Protection Officer (DPO) to manage the planning and implementation of GDPR-compliant data protection policies.
- Update your Data Security and Privacy Policies to comply with the GDPR. The policies should be enforceable, concise and easy to understand.
- Understand that GDPR protection spans all data “touchpoints” – collection, processing, transfer, manipulation and deletion. Data Transfers to third countries are permissible only if “adequate levels of protection” and “appropriate legal safeguards” are in place, as deemed by the GDPR.
- Utilizing a new technology or process? Assess high-risk projects with a thorough Data Protection Impact Assessment.
- Understand well the GDPR Impact on SaaS Providers, particularly as “shared accountability” and “joint liability” between data controllers and processors are strong buzzwords with GDPR.
- GDPR Preparation in Practice? As of February 2018, all Spanning products and services are compliant with the GDPR. Here is a quick overview of Spanning’s Preparations for GDPR.
Keep a GDPR requirements list close by!
As we have reiterated before, GDPR compliance is an ongoing journey, and in many ways the interpretation of its articles will significantly evolve after it takes effect. So continue to keep a check on these aspects:
- Keep an Eye on Data: Continue mapping incoming and outgoing data flows, and granularly account for specific data types. Determine what data is solely meeting a processing function, and where your organization is considered a controller of data.
- Share Accountability: Coordinate with platform partners, third-party vendors, SaaS providers, etc. to ensure that the thread of compliance remains unbroken.
- Put the Customer at the Center: Work with your customers via surveys and/or focus groups to get a better understanding and acceptance of what compliance means to them. Develop an internal process and solution to meet your customers’ needs while complying with the intent of the regulation.
- Back Up your Data, it is a Lifesaver!: GDPR mandates “the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident”, which essentially means having a reliable backup and quick restore solution. Data loss due to malware, human error or malicious intent is a growing threat, especially in view of compliance laws like GDPR. Save yourself the stress and hassle with a solid backup and restore solution like Spanning.
Read the entire Countdown to GDPR series to date:
Part 1: Right to Be Forgotten
Part 2: Privacy by Design and by Default
Part 3: Designating a Data Protection Officer (DPO)
Part 4: Customer Communication and Experience
Part 5: Data Security and Privacy Policies
Part 6: Data Transfers
Part 7: Data Protection Impact Assessment
Part 8: What is the GDPR Impact on SaaS Providers?
Part 9: How is Spanning Preparing for GDPR?