Compliance with the General Data Protection Regulation
Since May 25, 2018, the General Data Protection Regulation (GDPR) has been in force across the European Union, and it applies to every company that processes the personal data of people in the EU, wherever that company is based. Computer users have seen a wave of new privacy notices on websites and in emails as companies work to comply. Non-compliance can be expensive: the regulation allows fines of up to €20 million or 4% of worldwide annual turnover, whichever is higher. Andres Richter, CEO of Priority Software, lists nine steps for successful compliance.
- Locate all customer data and consolidate it in a central repository.
- Track the lead-generation process and record exactly which types of communication each customer has consented to receive.
- Train employees to store personal information in predefined tables and fields so that it can be exported easily (data portability).
- Maintain a clear inventory and documented procedures for deleting customer data; the “right to be forgotten” (right to erasure) is a central GDPR requirement.
- Secure all personal data and restrict access to the employees who need it for their work.
- For data stored in the cloud, obtain the service provider’s GDPR compliance procedures.
- Pinpoint where your customer data is physically stored and know which regulations apply in that jurisdiction.
- Give employees the right to access their data, the “right to be forgotten” and the right to withdraw consent to the dissemination of their data.
- Have a process for notifying the supervisory authority and affected individuals of a data breach; the GDPR requires the authority to be notified within 72 hours of becoming aware of a breach.
Even if you do not do business in the European Union, these steps are sound practice for data management and security.