Ask yourself these questions to develop a business-specific data management plan that will help your organisation get GDPR-ready:
Do I understand my organisation’s privacy obligations and risks, and is our data compliance strategy fit for purpose?
Do I understand how GDPR impacts my organisation? Are Data Processors (DPs) fully educated on their responsibilities to fulfill the requirements?
Data Protection Impact Assessments (DPIAs)
As a starting point to GDPR, have we undertaken a DPIA? Are we undertaking these on a regular basis?
Am I making sound decisions and plans around business initiatives and the technology required to manage data and personally identifiable information (PII)?
Personally Identifiable Information (PII)
Have I got a clear view of the personal information we process, who is processing it, where it is kept and the purpose for which it is used?
Increased rights for data subjects
Is there an appreciation of the fact that data subjects/individuals have increased rights and can make requests about the data we hold on them?
Do we have the required consents from data subjects/individuals to hold and process their data?
Are we clear and transparent with our privacy notices, contracts, etc.?
Do I have transparent data correction, withdrawal, transfer, processing and compensation measures in place?
Do I monitor internal and third-party supplier data compliance, privacy and security to protect my organisation?
Am I confident we have the processes to foresee a data breach and manage this in accordance with GDPR requirements?
Do I need a Data Protection Officer (DPO)?