Five steps to prepare for GDPR

Mar 23, 2018
The single, largest piece of advice from data privacy group 3M in finalising preparations for the General Data Protection Regulation (GDPR) is to review everything - now.

GDPR will fundamentally change the way businesses collect, store and use customers’ personal information when it comes into force on 25 May 2018. According to 3M, many businesses are underestimating the work involved in ensuring compliance.

Businesses that do not comply, or are found to be in breach, can face a fine of up to €20 million or 4% of annual worldwide turnover, whichever is greater.

3M has identified five key, practical measures to take in preparing for the new regulations, which arrive in just a few weeks’ time:
  1. Take ownership and take action: your internal GDPR team must take responsibility for reviewing existing data, developing new procedures for collecting, storing and using data, and for ownership of the policies. They will be accountable in the event of a breach, so task this team to conduct final checks on all data, all material and all your company policies and privacy statements;

  2. Conduct an appraisal: task your GDPR team to review all personal data held by your organisation, including how you received it. Validate it and catalogue it as required, then perform a gap analysis to identify potential associated risks. Then evaluate all data privacy notices and policy procedure documents in terms of GDPR compliance;

  3. Develop new policies and procedures: after you have mapped the data, it’s time to implement internal policies and measures that take into account Privacy by Design and by Default. The new or improved policies and procedures are designed to mitigate the security and privacy risks identified with existing data that may be held without authorisation, and to defend the company in the event of an involuntary security breach;

  4. Training: implement training and review checklists for data protection across your organisation. Implement internal breach notification procedures and incident response plans. Ensure your communications teams, and anyone else with direct contact with current and prospective customers, are aware of the company’s new policy; and

  5. Security: assess the design of any open-plan working areas, particularly those of data-sensitive departments such as Finance, Legal, HR, Pricing and so on. The mobile workforce is also at high risk of visual hackers reading private, sensitive or confidential information from screens for unauthorised use. Implement new security measures such as privacy filters to safeguard the display of information and mitigate exposure to visual hacking.

Source: 3M.