The General Data Protection Regulation (GDPR) affects any business that handles data belonging to EU citizens.
The new regulation replaces the 1995 Data Protection Directive and introduces new rights that are designed to protect personal data. Organisations that are not prepared on May 25, 2018 could face hefty non-compliance fees.
Don’t start panicking yet, though. We have some handy tips below on how you can get your business ready for GDPR. This advice is meant to act as a suggestion. For legal questions on how you should comply, please consult an attorney.
Steps to make sure you’re ready for GDPR
1. Take inventory of your data
In order to understand the changes GDPR might mean for your business, you need to first understand how you use and process data internally. Below are a few questions that can serve as a starting point for your data inventory:
- What type of customer information do you process?
- How much of it is highly sensitive or identifying data?
- What information is absolutely necessary for running your service?
- Which third parties do you share customer data with?
- How do you get consent from customers to use their data?
Find the rest of the steps here.