The outcomes of recent surveys by Exchange Wire, Calligo and McAfee, among others, indicate that many data professionals, and their groups, are not ready for the General Data Protection Regulation (GDPR). Any group or company that is slow in preparing needs to act quickly in order to achieve compliance by May 25, 2018.
Many organisations may not have much to do if they already comply with existing legislation. However, GDPR is stricter, so it is vital to review current policies and procedures and make sure that they meet its requirements.
All groups should examine the data they hold, including what the data is, how it was gathered and what it is being used for. This helps to determine whether it adheres to GDPR. A data audit may be required.
It is critical to ensure that people’s rights, as outlined in the GDPR, are considered. These rights include:
- Subject access
- Correction of inaccurate data
- Option of data erasure
- Option to decline direct marketing
- Prevention of automated decision-making
- Portability of data
All of these points are covered in current data protection legislation, apart from data portability. Data portability gives everyone the right to get full details of the data held on them, by electronic means.
When GDPR is introduced, companies will no longer be able to charge for a subject access request (SAR), and they will need to process it within 40 days.
Every group should record the legal basis it has for processing all of the data that it stores. Groups with over 250 staff must have a data protection officer (DPO) employed.
While getting ready for the introduction of GDPR, it is recommended that organisations check the latest information provided by the relevant supervising authority (SA). Additionally, they should examine all of these considerations as part of their strategy to achieve compliance. If they do not do this, they may be subject to fines and other financial penalties.