Even though the deadline for General Data Protection Regulation (GDPR) compliance has already passed, the majority of companies in the world are still not ready. Small and medium-sized companies in particular either don’t know the law or don’t have the resources to implement the GDPR.
Here are 6 steps that can help your company become GDPR compliant
1. Learn what GDPR is
The very first step in making your company GDPR compliant is to learn what GDPR is. GDPR is basically a UK law on the data and privacy of individuals within the EU. To keep or obtain data from EU individuals, companies need to obtain their consent first. Individuals have the right to request that companies remove their data.
2. Individual Rights
3. Data Management
If you obtain data from individuals, you need to ask yourself a few questions:
Why are you collecting the user data?
How long are you going to keep the data?
Do you share data with third parties?
How do you collect the data?
All these questions and the answers to them should be included in your privacy policy as well.
4. Child Consent Policy
For children under the age of 16, the GDPR states that they can’t give consent because they are not aware of the importance of data and privacy.
5. Data Breaches
In the age of technology, there is a very high risk of becoming a victim of a data breach. Anything can happen, so you need to prepare for the worst. Consider what your protocols are if the data you collect gets stolen. The GDPR specifically states that you need to report to the authorities within 72 hours of discovering a data breach, as well as inform all users about the breach and its consequences.
Last but not least, you need to inform all employees or staff about data privacy. When they collect data from people, especially EU residents, those people have the specific rights stated above.