25Sep

GDPR: Where Do I Start?

You’ve determined that your company needs to comply with the GDPR, but deciding where to begin can be daunting. This section of the GDPR Portal outlines four compliance phases that will take you from square one to implementation and beyond.

PLAN – Take the important first step of bringing together key stakeholders from across your organization to create awareness and accurately assess your compliance needs.

A. Build Your Team

    Identify Stakeholders

    Create Awareness

    Get Buy-in

B. Consider Compliance Needs

    Conduct Data Inventory

    Data Flow Mapping

DO – Once you have designated your team and identified the compliance needs of your organization, work to design and put in place appropriate policies and procedures.

C. Design & Implement Policies and Procedures

    Consent

    Cross Border Transfers

    Respondent/Data Subject Rights

    Technical & Administrative Safeguards

    Data Necessity, Retention, Disposal

    Data Integrity

    Data Security & Breach Response Planning

TEST – Review the policies and procedures your organization adopted by testing and evaluating their effectiveness.

D. Evaluate and Improve Policies and Procedures

    Impact Assessments

    Audits

IMPLEMENT & DOCUMENT – If your new policies and procedures are effective, fully implement them and document compliance! If not, revisit the plan, do, and check steps to improve upon what you tried.

E. Demonstrate Compliance

    Ongoing record keeping

    Audit trail

Disclaimer: The information provided by the Insights Association is for informational purposes only and not for the purpose of providing legal advice. Please contact your attorney to obtain advice on specific issues or questions.
