GDPR: Where Do I Start?
You’ve determined that your company needs to comply with the GDPR, but deciding on where to begin can be daunting. This section of the GDPR Portal will outline four compliance phases that will take your from square one to implementation and beyond.
PLAN – Take the important first step of bringing together key stakeholders from across your organization to create awareness and accurately assess your compliance needs.
- Build Your Team
- Consider Compliance Needs
Conduct Data Inventory
Data Flow Mapping
DO – Once you have designated your team and identified the compliance needs of your organization work to design and put in place appropriate policies and procedures.
C. Design & Implement Policies and Procedures
Cross Border Transfers
Respondent/Data Subject Rights
Technical & Administrative Safeguards
Data Necessity, Retention, Disposal
Data Security & Breach Response Planning
TEST – Review the policies and procedures your organization adopted by testing and evaluating their effectiveness.
D. Evaluate and Improve Policies and Procedures
IMPLEMENT & DOCUMENT – If your new policies and procedures are effective, fully implement them and document compliance! If not, revisit the plan, do, and check steps to improve upon what you tried.
E. Demonstrate Compliance
Ongoing record keeping
Disclaimer: The information provided by the Insights Association is for informational purposes only and not for the purpose of providing legal advice. Please contact your attorney to obtain advice on specific issues or questions.
About the Author