In less than a year before the entry into force of the General Data Protection Regulation (GDPR), it is time to take action.
In the meantime, we are already very well informed that the GDPR will be implemented in one year, on 25 May 2018.
In our previous articles, which have been the subject of a special edition of our Newsletter, we already gave detailed comments on the new obligations deriving from the GDPR and the consequences that this entails.
However, although the time has come when the theory has to be put into practice, this may not be the cause of stress.
We consider that privacy and the GDPR are rather an opportunity for companies in order to achieve a healthy treatment of the personal data and make their business grow.
Companies should be preparing the processes of thier companies in order to be compliant with the provisions of the GDPR.
1. How to prepare and comply with the GDPR?
This includes, among other things, that you:
comply with the documentation requirement;
develop action plans to comply with the notification requirement;
take steps to actively educate your staff;
appoint, if necessary, a data protection officer;
carry out an impact assessment of data protection.
More information regarding what is currently expected from your company, you can check out our articles on which you can click at the bottom of this article.
In order to provide a concrete response to the GDPR, it may be useful to start conducting a privacy audit. This will allow companies to determine the weaknesses and how to treat them.
Once all existing processing operations, data flows and protection measures have been identified, companies can take the next step to implement the necessary measures to fill up the gaps and find appropriate solutions.
In the following months, the Privacy Commission will develop additional guidelines relating to consent, the records of processing activities, transparency, and other matters.
We will keep you informed about developments so that you will be in a position to make the necessary adjustments.
2. Conclusion As mentioned earlier, it is time to take action, but there is no reason to be panic.
The privacy commission does not intend to immediately impose "monster fines". It is expected that it will firstly sensitize and warn companies. Everbody benefits from a clear and effective privacy protection, with the sanctions not being an end in itself.