We rounded up some general guidelines to help you achieve GDPR compliance.
Whether your company has a physical presence in the European Union (EU) or is based outside of the EU, you should understand the basics of how to be GDPR compliant.
If your company markets to, processes the data of, or stores personal data about citizens in the EU, regardless of how small your business may be, GDPR applies to you.
Here are some general guidelines on how to protect your business. You may not need to follow all of them, depending on the nature of your business, but they should help you get started:
Documentation
Be sure to document all aspects of your company’s interactions with personal data. Consider the following:
- What is the purpose of gathering, storing, and accessing the data?
- How is the data protected from breaches?
Consent
Gather consent from individuals when collecting their data. Keep in mind that consent must be “freely given, specific, informed and unambiguous.”
Records of given consent must be kept, whether in the form of audio recordings, paper trails, digital checkboxes or web forms.
Data Breach Reporting
In the case of a breach, the company must inform the relevant regulatory body within 72 hours.
Additionally, the company must contact the affected individuals directly or make a public announcement so that they are aware their data has been breached.
Data Protection Officer
Appoint a Data Protection Officer to oversee structural change and help your organization recognize the importance of individual data rights and adherence to the GDPR.
Final Thoughts
GDPR impacts large multinational corporations and small businesses alike. While larger companies may face greater scrutiny under the new regulation, smaller companies – even those with only a few employees – should not think that they can fly under the radar on being compliant.
Assuming that GDPR does not affect your business is a risky proposition, especially considering how easy it is to inadvertently break these rules.