Though it has been a while since the GDPR came into effect, several companies still have only a vague idea about it. This increases the risk of attracting unwanted penalty fees. In this article at Forbes, Manuel Grenacher discusses 5 ways to handle GDPR like a boss.
The GDPR Dilemma
The General Data Protection Regulation (GDPR) empowers EU citizens to control how their data is used by European businesses. If external firms work with these businesses, they too need to follow the law. Following are the 5 ways by which you can avoid hefty GDPR penalties:
Ask Before Using Data: Instead of spending hours analyzing which data is safe to use, ask for the customer's permission in easily comprehensible words. GDPR insists that you have their consent before using their data, obtained by explaining the purpose and period of data usage and storage. If your purpose changes by the time the customer approves your request, you must reapply. The customer can withdraw consent at any time, and you must act upon the withdrawal within a satisfactory timeframe.
Get a DPO On Board: A data protection officer (DPO) will help you comply with the GDPR better. Any company with over 10 employees should hire a DPO, who will regulate, organize, and process data by category.
DPIA Is Mandatory: Before you start any project that would leverage customer data, carry out a data protection impact assessment (DPIA). This audit lets you understand how your processes would affect customer privacy. A DPIA ensures that you are not infringing any rights, weighs the pros and cons, and checks the mitigation strategy.
Notify Breaches Immediately: GDPR requires you to inform customers of any data breach within 72 hours of its detection. Invest in advanced tools to detect a breach as early as possible. Revamp your security policies and keep training employees to avoid losing your hard-earned revenue and reputation.
Delete Data When You No Longer Need It: The law requires that you delete data when you no longer need it, as per the ‘data minimisation principle’. If the customer wants you to delete their data before you have finished using it, you must oblige. Check that you have deleted the data from shared folders and databases as well.
To view the original article in full, visit the following link: https://www.forbes.com/sites/forbestechcouncil/2018/06/04/gdpr-the-checklist-for-compliance/#70acacc55bec