We rounded up some general guidelines to help you achieve GDPR compliance.

Whether your company has a physical presence in the European Union (EU) or is based outside of the EU, you should understand the basics of how to be GDPR compliant.

If your company markets to, processes the data of, or stores personal data about citizens in the EU, regardless of how small your business may be, GDPR applies to you.

We rounded up some general guidelines on how to protect your business. You may not need to follow all of these, depending on the nature of your business, but this should help you get started:

Documentation

Be sure to document all aspects of your company’s interactions with personal data. Consider this:

  • What is the purpose of gathering, storing, and accessing the data?
  • How is the data protected from breaches?

Consent

Gather consent from individuals when collecting their data. Keep in mind that consent must be “freely given, specific, informed and unambiguous.”

Records of given consent must be kept, whether in the form of audio recordings, paper trails, digital checkboxes or web forms.

Data Breach Reporting

In the case of a breach, the company must inform the relevant regulatory body within 72 hours.

Additionally, the company must contact all individuals or make a public announcement so they’re aware that their data has been breached.

Data Protection Officer

Appoint a Data Protection Officer to oversee structural change and help your organization recognize the importance of individual data rights and adherence to the GDPR.

Final Thoughts

GDPR impacts large multinational corporations and small businesses alike. While larger companies may face greater scrutiny under the new regulation, smaller companies – even those with only a few employees – should not think that they can fly under the radar on being compliant.

Assuming that GDPR does not impact your business is a risky proposition, especially considering how easy it will be to inadvertently break these laws.

About the Author

Veenus Maximiuk is a Sr. SharePoint Architect in Columbus, Ohio for the Enterprise Collaboration Practice. She is an MCSE – SharePoint 2013 as well as a Microsoft Virtual Technical Specialist. She has specialized in SharePoint since 2004, designing and implementing public-facing internet sites, company intranets and extranet sites.