Putting GDPR Into Practice
It’s easy to see why the new GDPR legislation has thrown businesses around the world into a spin. Ascertaining whether or not your business needs to make changes in order to be GDPR compliant and then managing these changes can be a daunting prospect.
With big companies heavily promoting their data privacy and protection updates, and investing in and advertising recognised certifications such as SOC 2, ISO 27001 and the EU-U.S. Privacy Shield, knowing what your own business needs to do can be overwhelming.
It’s worth keeping in mind that these large businesses have had law firms and legal teams preparing their compliance for the past 18 months in the run-up to the legislation.
What can I do to ensure my business is GDPR compliant?
Ensuring GDPR compliance can be difficult to implement, enforce and educate teams about when you have a large organisation, a lot of data and plenty of room for error.
The first step is knowing whether your business is physically based in the EU or has an entity there. Finding out whether or not your business collects and processes the data of EU citizens is trickier.
Ask yourself these questions to judge the risk of breach and assess the levels of compliance necessary for your business:
Do you sell products or services targeting EU citizens?
Do you have data showing people in the EU bought your products?
Do you track digital properties such as a website or app with marketing tech tools, and is there a possibility or reality of an EU citizen landing on one of these properties?
Do you target EU citizens through marketing?
Have you in the past collected, or are you currently collecting, data on EU citizens through surveys, or has an EU citizen emailed you or your business with questions about products and services?
If any of the above could apply to you, then you need to assess your risk and decide what actions are necessary. Do you need to review your own data processing policies? Do you need a lawyer to review your privacy policies? All of these questions come back to your view of how relevant these changes are to your business, and the risk that inaction poses as GDPR comes into full effect.
Disclaimer: Sparkline are data people, not legal people. We recommend that you seek proper legal advice for any business decisions, just as we did!