With less than 9 months to go until the GDPR “go live” date, final checklists should be in place to ensure compliance.
Each business should have a Data Protection Officer (DPO) in place, who is fully briefed on your business and up-to-date with all the GDPR requirements that will impact not only your business, but how you do business. Regulators will start enforcing in 2018, but we recommend you undertake some trial runs over the coming months, to ensure that your data protection systems and processes are completely watertight and compliant with the more stringent rules of GDPR. Ideally your DPO will have a background in privacy, legal, security, marketing, and customer experience.
Whilst the requirement for businesses is to be compliant, customers will expect far more than basic compliance standards. Therefore, to meet customers’ expectations, you will need to be able to demonstrate that GDPR practices are at the forefront of all staff’s minds in any dealings with customers. Customers need to feel safeguarded and protected when dealing with a business – your business. Customers are more aware than ever before of their rights and will have questions about the way you store and use their data. You need to ensure your staff can deal with these questions with confidence and conviction to maintain strong levels of trust.
Staff training will be critical in helping your staff to handle sensitive data properly and mitigate risk. Whilst they may never be needed, a prudent approach is to also maintain an incident record and put in place an incident response plan.
In the event of an audit down the line, you will need to be able to provide supporting evidence of your training and control procedures; proof that these procedures are being audited and that records of any violations and corrective actions taken are being kept. If you do not keep records of how you are protecting sensitive data you may be subject to a fine should an incident be identified.
Keeping abreast of any continuous developments in GDPR requirements is also key. Having a DPO and a project team to handle new legislation and to create policies and procedures is important. Human error cannot be avoided, so it might be time to take a look at how your business can streamline or automate some tasks in order to reduce inevitable risks.
Make sure you understand your obligations. Look at the checklist prepared by Global Hub Data which will help you in protecting your business.