Meeting the GDPR Obligations
Protecting data subjects’ fundamental right to privacy is essential to operating in the digital age. We understand that meeting the requirements of the GDPR is difficult, yet critical to the continued success of your organization. Our goal is to be a collaborative partner for our customers to help them stay ahead of the regulatory curve.
Where Do I Begin?
GDPR compliance is a journey and being fully compliant will take time. The best way to begin compliance is to break the work down into manageable activities. Here are a few suggestions.
Understand the Regulation, determine whether it applies to your organization, and don’t go it alone (work with an expert).
Assess your posture against the Regulation. Identify the type, category, and location of the data you process. Create a data inventory and data flow diagram.
Determine and document the lawful basis for your processing activities under GDPR.
Document the required information as stipulated by GDPR and put a plan in place to maintain this information.
Review current privacy notices and put a plan in place for making any necessary changes for GDPR compliance.
Establish procedures for addressing requests from your data subjects, keeping in mind the one-month time constraint.
Review your current breach notification process and put a plan in place to adhere to the 72-hour requirement.