
Given May 25 is round the corner, what do organizations need to do in view of GDPR?

Posted by Rohan Kanungo (View Profile | View All Posts) | April 27, 2018 7:36 AM

The EU General Data Protection Regulation (GDPR) comes into force in exactly 1 month, on 25th May 2018. As the deadline approaches, GDPR demands that organizations be able to demonstrate compliance with its data processing principles.

For many organizations that have only just started their GDPR implementation, it will not be possible to achieve full compliance by 25th May 2018. In that situation, companies should concentrate on prioritizing those areas of GDPR where failure to act would expose them to potential penalties. Companies must be able to show proof that they are taking appropriate measures to comply with the regulation.

Let's look at 5 key areas organizations should focus on to get their company on the right GDPR path quickly.

1. Be ready with a GDPR implementation plan

Organizations should make sure that an overall strategy for GDPR compliance is in place. It is important to demonstrate a road map and a commitment to address GDPR requirements, complemented by the necessary tools, technologies and resources. The GDPR implementation plan should give a clear picture of:

  • Where personal and sensitive data is stored
  • How data flows within and outside the organization
  • Personal data collection, generation and processing practices
  • Roles and responsibilities; governance and accountability
  • Required changes to internal/external processes and privacy documents
  • Training and education programs

2. Make sure a data breach response procedure is in place

As per GDPR, data breaches must be reported to customers and the data protection authorities within 72 hours of discovery of the breach. That is why organizations must ensure they have an efficient system in place to detect and react to any breach in a timely and effective manner. With GDPR enforcement right around the corner, companies should at least ensure that policies and procedures are in place to identify, report and investigate a breach within the timeline.

3.     Designate a DPO (Data Protection Officer)

If an organization is a public body, systematically monitors data subjects on a large scale, or handles special categories of protected data, then it must appoint a Data Protection Officer (DPO). The DPO acts as the point of contact and should be fully resourced and supported to lead the company's GDPR compliance program. Appointing one is therefore a good way to show that the organization is on the right track in its GDPR compliance journey.

Even if an organization is not formally required to appoint a DPO under the terms of the regulation, it should still ensure there are sufficient staff with designated responsibility for compliance.

4. Be ready to deal with data subjects' personal data requests

According to the GDPR, individuals have the right to access their personal data, the right to correct inaccurate personal data, the right to have personal data erased, the right to restrict the processing of their information and the right to move personal data from one service provider to another. Organizations must be able to demonstrate that they can respond to a data subject's requests within the required time frame. This means having a plan in place to identify and validate the requesting data subject, providing a platform through which data subjects can submit all types of requests, and responding to those requests within the time frame. Organizations should also update their privacy policy and notices to let customers know how they plan to handle such requests.

5. Conduct GDPR training programs for employees

It takes a lot of effort for every organization to build data protection into its culture and into all aspects of its operations. Employees need to be actively engaged in and supportive of the GDPR compliance project. Creating GDPR awareness through training and education programs plays a vital role here.
