Compliance with the GDPR is a massive topic*, involving dozens of requirements. *We’ve gotten down to 2 minutes, so forgive us of it’s a little dense!
To get started, here are some essential compliance requirements:
- Records of Processing
- Security of the Processing
- Systems for Individual Requests
- “Privacy by Design” and “Privacy by Default” Principles
- Governance: Designation of a Data Protection Officer or a Representative
Companies have to keep “Records of Processing,” otherwise known as a “data map” of where information lives in the organization and how it’s used and shared. Normally, lawyers can provide templates or software that can help create this map semi-automatically.
Organizations have to implement and maintain a level of data security appropriate to the risks. This most commonly includes: Break up bullet list into different scenes?
- encryption of personal data;
- the ability to ensure the confidentiality, integrity, availability and resilience of processing;
- The ability to restore the availability and access to personal data; and
- A process for regularly testing and evaluating the effectiveness of these security measures;
Privacy by design means that privacy should be the default in product development, and products should be designed with privacy in mind. New projects should be designed to comply with Data Protection Laws.
And finally, companies should put in place governance mechanisms to assist with compliance. Some companies - with large or sensitive data collection - must designate a data protection officer. And companies that don’t have an establishment in the European Union (that are subject to the GDPR) must appoint a representative in Europe
Records - Data Map
“Privacy by Design” and “Privacy by Default”
Data Protection Officer or a Representative
Remember - these are just the basics! There are many more steps required to comply with the GDPR.