12 Key Questions To Help Prepare For The GDPR

Ask yourself these questions to develop a business-specific data management plan that will help your organisation get GDPR-ready:

  1. Obligations

    Do I understand my organisation’s privacy obligations and risks, and is our data compliance strategy fit for purpose?

  2. Impact

    Do I understand how GDPR impacts my organisation? Are Data Processors (DPs) fully educated on their responsibilities to fulfil the requirements?

  3. Data Protection Impact Assessments (DPIAs)

    As a starting point for GDPR, have we undertaken a DPIA? Are we undertaking these on a regular basis?

  4. Decision-making

    Am I making sound decisions and plans around business initiatives and the technology required to manage data and personally identifiable information (PII)?

  5. Personally Identifiable Information (PII)

    Have I got a clear view of the personal information we process, who is processing it, where it is kept and the purpose for which it is used?

  6. Increased rights for data subjects

    Is there an appreciation of the fact that data subjects/individuals have increased rights and can make requests about the data we hold on them?

  7. Consents

    Do we have the required consents from data subjects/individuals to hold and process their data?

  8. Transparency

    Are we clear and transparent with our privacy notices, contracts, etc.?

  9. Data management

    Do I have transparent data correction, withdrawal, transfer, processing and compensation measures in place?

  10. Suppliers

    Do I monitor internal and third-party supplier data compliance, privacy and security to protect my organisation?

  11. Processes

    Am I confident we have the processes to foresee a data breach and manage this in accordance with GDPR requirements?

  12. Resources

    Do I need a Data Protection Officer (DPO)?

 
