To Preparing Your Business for the GDPR (General Data Protection Regulation) - 10 Steps
Update Privacy Notices
Review your current privacy notices. Under the GDPR, you must explain your lawful basis for processing data, your retention periods, and that individuals have a right to complain to the relevant supervisory authority if they think there is a problem with the way you are handling their data.
Verify Individual Rights
Ensure your procedures cover all the rights individuals have, including: The right to be informed. The right of access. The right to rectification. The right to erasure (the "right to be forgotten"). The right to restrict processing. The right to data portability. The right to object.
Designate a Data Protection Officer (DPO)
Check whether you are required to formally designate a Data Protection Officer. This is mandatory for public authorities, organizations that engage in large-scale systematic monitoring, or those that process sensitive personal data on a large scale. Even if not mandatory, appointing a point person for compliance is highly recommended.
Conduct an Information Audit
Document what personal data you hold, where it came from, and who you share it with. You should maintain a record of processing activities. If you have inaccurate personal data and have shared it with another organization, you must tell them so they can correct their records.
Identify a Lawful Basis
You must identify and document the lawful basis for your processing activity. This could be "consent," "contractual necessity," "legal obligation," or "legitimate interests." This choice must be explained in your privacy notice.
