EU GDPR Checklist: What’s changing and what steps should you be taking now?
On May 25, 2018 the new European General Data Protection Regulation (EU GDPR) will come into effect. Is your organization ready? Our GDPR checklist will help you to anchor the new regulations in your daily processes and avoid financial penalties.
What are the major threats to GDPR compliance at your organization?
Whether it be contact info, photos or IP addresses, when it comes to processing customer data, organizations must tread ever more carefully. Clients now must explicitly consent to the processing of their data, and retain the right to access any data held in their name and to have it permanently deleted. Withdrawing this data consent is also possible at any time. In addition, the new regulations promote safe data transfer between service providers and recommend the pseudonymization of personal data. You can find the complete legal changes.
EU GDPR Checklist: What do you need to know?
The figures are pretty shocking. Failure to comply with the new rules will result in organizations paying either 4% of gross annual revenue or 20 million euros, depending on which amount is higher. That’s 20 million reasons to make sure your processes are up-to-date. Use our checklist to get started.
Check the compliance of your processes
Check which of your existing processes deal with personal data. Document the new data protection changes including risks and controls into your process diagrams.
Update terms & conditions
Are your T&Cs and other consent forms up to date? Check and update your legal documents in order to add them to your documented business processes.
Inform the team
Make sure all employees are aware of the new regulations, and which processes are most fraught with risk. The best way to achieve this is through a central knowledge repository, where you can save and share process knowledge.
Don’t forget your processes still have to function correctly when the GDPR comes into effect. Create decision models to show your employees what is required of them at a glance, and save yourself any long and tiresome explanations.
Secure timely notification of data breaches
If you do make a mistake in future, a prompt reaction is required. Automate processes in order to inform the relevant authorities in line with new deadlines. This will secure prompt compliance with procedures as well as a consistent and correct approach.
React quickly to customer demands
The amendment and deletion of data must occur quickly. But not all documented processes run in the way you might expect. Identify possible process variants and weak spots and secure a quick response from those responsible.
GDPR and process management
Well-functioning process management is essential when it comes to avoiding monetary penalties, yet many organizations do not see this as self-evident. The Signavio Business Transformation Suite gives you the tools for rapid reaction to regulatory change. Compliance management is made easy. Complex rule sets are replaced by compliant and functioning processes.
- Identify regulatory violations and risks directly in your daily processes
- Ensure that employees are correctly carrying out critical business decisions
- Incorporate compliance changes quickly into your processes
- Ensure seamless traceability of processes
See what you can achieve with our free!