GDPR is a little over a year away - plenty of time to prepare, right? Well, not exactly. It’s an intense piece of legislation with damaging sanctions. The sooner you start to prepare, the better.
Here are four things you can get cracking with right away.
Get the word out. Staff, stakeholders, clients and service providers will all need to know the law is changing and that it means a change to working practices. Pay particular attention to staff and service providers who are involved in data processing. Consider formal training to get them up to speed.
Examine your information
This is the most obvious thing to do. Go through your data, find out what you have, where it came from and where it goes. A thorough audit will help you to identify where your data flows to and from, and where it sits. This, in turn, will help you to mitigate any security breaches.
Outline and implement your reporting procedures
The GDPR introduces a new set of procedures for reporting data breaches. The ICO advises having policies and procedures in place to identify, investigate and report personal data breaches. Get these procedures and policies ready now and start working with them to ensure they work ahead of May 25, 2018.
Adopt a Privacy by Design approach
Under the current legislation, Privacy by Design is an add-on - with GDPR it’s part of the mix. Not following these practices will put your organisation at risk under GDPR. If you begin implementing privacy-friendly practices now, you can lower your risk of sanction and data breach, reduce compliance costs and future-proof your software.