If you are not already feeling the pressure of the General Data Protection Regulation (GDPR) deadline on 25th May 2018 fast approaching, you should be. With less than a week to go until the legislation comes into force, and you need to be doing something about it if you are not already. You do not want to get caught off-guard in the first few months of enforcement, when regulators may do some sporadic checks to see who is working towards compliance.
Thankfully, within the first 12 months what regulators will be looking for more than anything is evidence that businesses are moving along the road to GDPR compliance, so don’t worry too much if you are not all the way there yet. If you have not started looking at your strategy to abide by these new laws, now is absolutely the time to plan your road to GDPR compliance, and fast!
Wherever you are in your journey, take a look at our very last-minute preparation tips below to ensure you are not missing any of the essentials.
Firstly, if you are already prepared for GDPR and ready to go; congratulations! You are honestly doing better than a lot of businesses out there, big and small. You are protected against those giant potential fines we have heard so much about, but there are still a few things you should check on before you get too relaxed.
Service providers should certainly be doubled checking their data collection pipelines to ensure no unnecessary data that may cause compliance issues is coming through from relocation management companies (RMCs) or other clients. Ensure that all data is pertinent to the case at hand and necessary to complete your contractual obligations. RMC should take the time to ensure that their clients are giving clear and informed consent for their personal data to be processed and are fully aware of which service providers will have access to the information.
So, you are well on your way to getting prepared for GDPR, but now is a perfect time to pause for a moment and take stock of where you are at, and where you want to be. By now you have probably completed a full internal data audit of your business and are working towards bringing your current processes and workflows up to standard. Double check your list of requirements for GDPR compliance and draw out a company roadmap to get everything completed promptly.
Ensure that you have a solid plan of action for the next few months which details timeframes for replacing existing procedures, policies and consent forms. Are you logging the flow of data in and out of your company? Are your software and service providers all up to standard, and there is anything extra you could be doing to help others in your network? Also confirm that you have valid and actionable plans in place for the editing and deletion of personal data, an essential point which many forget.
The first thing to do if you are in this situation is not panic. You are not alone, and it is much better to begin your preparations now instead of closing your eyes and just hoping for the best. As mentioned above, within the first 12 months of GDPR, the regulators will look favourable on those planning their actions to reach compliance. That being said, the faster you can review your business and make changes towards GDPR compliance, the better. The first stage for any organisation aiming to be GDPR ready is to complete an internal data audit, where the flow of data into, through, and out of the business is carefully catalogued, including types and amounts of data.
Once you know what data you handle, you can create an action plan for the necessary changes to be made in the coming months. You may need to change your data storage, how you log data processing, what information you make available to your clients, the types of consent you receive from individuals, data processing agreements between yourself and other companies, or all of the above. There are many GDPR-compliant software solutions now on the market which cater for all budgets and will assist you in handling many of the preceding points. Whatever you need, now is the time to act, before it is too late.