GDPR Compliance Checklist
On May 25th, 2018, an ominous new regulation on personal data security took effect in the European Union. Named the General Data Protection Regulation, or GDPR for short, it spells out requirements for protecting the personal data and privacy of all EU citizens and applies to businesses operating in EU states.
The requirements for ongoing GDPR compliance have companies wringing their collective hands over how to achieve it and avoid heavy financial penalties. Like it or not, it’s here, and compliance is mandatory.
What Made GDPR Necessary?
In the 1950s, principles for protecting personal data were established in the European Convention on Human Rights. From the convention came a basic requirement that everyone deserves the right to respect for their private and family life.
In the early 1980s, the automatic processing of personal data prompted the Data Protection Act of 1984. This period saw a rapid increase in the use of computers, and with it, data collection and processing grew exponentially.
The massive growth in personal data collection overwhelmed the systems designed to protect it. New legislation, the Data Protection Directive of 1995, created rigorous minimum standards designed to regulate the growing flow of data across EU borders.
The Data Protection Directive also aligned US data protection laws with EU laws to ensure compatibility. As the new directive settled in, the UK legislated its own version, the Data Protection Act of 1998. Germany, and then France, followed with similar legislation.
Creation of GDPR
These laws shared common ground across countries, but their lack of compatibility created bottlenecks, and in response the creation of GDPR became a reality. After many years of drafting and thousands of amendments dealing with jurisdictional issues, the final version is now in effect.
GDPR applies to any company holding the personal data of an EU citizen. As stated earlier, compliance is mandatory.
GDPR Compliance Checklist
Five steps to compliance may not seem like much, but each step has its own requirements. Each one is mandatory and must be taken seriously.
Five Step GDPR Compliance Checklist
- Make everyone involved in your company understand the urgency of GDPR and its requirements up front. If you operate or do business within the EU, this is your issue, too. It means creating a new position, the Data Protection Officer or DPO, to maintain compliance.
- Effective and full compliance means having your whole company involved and kept up to date on GDPR rules and regulations. Your new DPO should organize a group dedicated to rolling out GDPR compliance from the top to the bottom of your organization. Full funding and commitment, put in place early, help the company adopt the rules more smoothly.
- By now, everyone involved should have a firm grasp of the procedures going forward. One major step toward compliance is an audit that determines what personally identifiable information, or PII, is collected or shared, and for what reasons.
- GDPR mandates a strict 72-hour window for incident response. This requires a dedicated process that is made part of your company’s internal procedures. Your DPO owns this responsibility, along with determining third-party vendor risks after a thorough assessment.
- Adjusting new-hire training and providing technical training for senior staff is a priority for ongoing compliance. Mandatory annual security training ensures readiness. Continuous auditing of customer PII by a strong privacy team and your DPO will keep your company compliant. Always be thorough and detail-oriented; nothing gets overlooked.
Penalties for GDPR Non-Compliance
Remember, GDPR compliance isn’t something to gloss over. It could cost your company millions. For its most serious infractions, companies risk a hefty fine of up to 4% of annual global turnover or up to €20 million (approximately $22.7 million USD).
The protection of personal data is a serious issue that everyone should address. Data breaches happen far too often, with devastating consequences when the stolen PII files belong to millions of innocent people.
Make sure you understand the elements of the GDPR compliance checklist above to ensure your business complies with the new GDPR law.