Complying with the GDPR (General Data Protection Regulation), which came into effect on 25th May 2018, is compulsory for any company which operates in Europe. The new regulation addresses the treatment of personal data and its free circulation.
- Update legal documents and carry out internal audits
This will determine the needs of the company in order to adjust to GDPR.
- Request the certificate or permission to be able to process data
If the current consent does not comply with the new regulations, it will have to be requested again.
- Organize an information audit
Explain to clients why their data is stored and update the data of employees.
- Develop a guidance document for the work team
Employees must know what GDPR is and how it can affect the company, so they can carry out the necessary procedures.
- Have a data elimination system
The company will have to arrange an efficient and effective system to erase data when its erasure is requested or when it is no longer necessary.
- Prepare a crisis management strategy
You will have to establish a crisis management strategy in case its application is ever necessary.
- Report the compliance
Once the different channels (web page, social networks and various media) have been updated, the company needs to report its compliance with the regulation.
- Ask for permission
Users interested in being part of the company's database will have to accept the terms and conditions requested of them through the different channels.
- Pay attention to minors under 16 years old
Minors under 16 years old will need permission from their parents or guardians.
- Assign the figure of the Data Protection Officer (DPO)
The EU recommends the inclusion of the figure of the Data Protection Officer to ensure that what is established in GDPR is respected and complied with. This can be an external professional or an employee who assumes said functions.
For more information about compliance with GDPR, see the AEPD web page.
This article is not considered legal advice.