Published on 01/06/2017 in Innovate
First of all, it is important to have a clear idea of the situation in your company. What happens with the personal data your company keeps: how is it used, who has access to it, etc. and where might security risks such as data leaks occur? Make a plan for the necessary adjustments to your business processes and procedures.
Companies that process data regularly and systematically are obliged to appoint a Data Protection Officer or DPO. Their job is to ensure that the company manages and processes data in accordance with the GDPR. Companies that do not have the necessary expertise in house can call on an external partner.
Everyone whose personal data you keep has a number of basic rights: the right to consult the data, to have data transferred, to have inaccurate or incomplete data corrected or to have data deleted. Are your staff aware of this? It is important for them to realize that they share responsibility for the protection of personal data.
If you pass on data to a partner or a supplier, for instance to send out a marketing campaign, then throughout this partner relationship you remain responsible for the proper management of your data in accordance with the GDPR. Is your partner or supplier GDPR-compliant? How and where do they keep their data? What about data leaks?
If a data leak occurs, it must be reported to the supervisory authority and the people concerned within 72 hours. Draw up a clear plan. What if sensitive data is e-mailed to the wrong people? Who has to be told if a member of staff suspects a leak? Opt for a reliable prevention method, such as data encryption, which limits the risk of leaks.
Companies have until 25 May 2018 to bring their operating processes into line with the GDPR. It is advisable to start as soon as possible and seek legal advice from a privacy expert. Read the interview with Sheila Fitz Patrick from NetApp on www.proximus.be/GDPR as well.