The General Data Protection Regulation (GDPR) is one of the world's strictest privacy laws. If your company collects, stores, or processes personal data about people in the European Union (EU), the GDPR applies, regardless of where your company itself is based. The United Kingdom (UK) kept a near-identical version of the law after leaving the EU (the UK GDPR), so the same obligations apply to data about UK residents.
Penalties for breaching the GDPR include administrative fines of up to €20 million or four percent of the company's total worldwide annual turnover for the preceding financial year, whichever is higher.
The GDPR incorporates seven key principles for data collection and use:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
Keeping these seven principles in mind will help you create your own GDPR policy. (Spoiler alert: SixFifty’s GDPR privacy solutions make the job even easier.) Read on to find out how you can comply with our GDPR compliance checklist.
How Do You Comply With the GDPR?
GDPR compliance is a matter of finding out which personal data you collect, store, and process, then implementing policies and controls that protect it. The first step is a data audit across your company. Do you collect information about EU/UK residents? Is any of it special category data (for example health, biometric, or political data) or otherwise sensitive? Where is it stored, how is it processed, and which third-party vendors receive it? Who has access? Record the answers: the GDPR requires most organisations to keep a written record of processing activities, and the same answers will drive your privacy notice.
You must appoint a data protection officer (DPO) if you are a public authority, if your core activities involve large-scale, regular and systematic monitoring of individuals, or if they involve large-scale processing of special category or criminal conviction data. Company size alone is not the test. Some businesses appoint a DPO even when not required, which ensures that someone is always monitoring your data practices.
Next, draft a GDPR compliance policy. SixFifty makes it easy: our GDPR privacy toolset is updated regularly to ensure you’re always covered.
Finally, implement your new policies. That usually means reviewing consent practices and putting in place the appropriate technical and organisational measures the GDPR requires to protect personal data against breaches. Your experience may vary, depending on your industry and company type.
Use This Free GDPR Compliance Checklist
This quick GDPR compliance checklist will help you hit the most important points:
- A lawful basis to collect data: You must have one of the six lawful bases the GDPR recognises for each processing activity: consent, performance of a contract, a legal obligation, protecting someone's vital interests, a public task, or your legitimate interests (balanced against the individual's rights). Document the purposes of processing and the lawful basis for each in your privacy notice and in your record of processing activities.
- Data security measures: Personal data must be kept secure throughout its lifecycle, from collection to deletion. Encryption and pseudonymisation are named in the regulation as appropriate measures and should be used whenever possible; note that pseudonymised data is still personal data, and only truly anonymised data falls outside the GDPR. Your company needs a documented incident response plan: a personal data breach must be reported to the supervisory authority within 72 hours of becoming aware of it unless it is unlikely to result in a risk to individuals, and the affected individuals must be told without undue delay when the risk to them is high.
- Accountability and oversight: Even if you're not required to have a data protection officer, your business should designate someone to oversee data protection. If your company is not established in the EU but is subject to the GDPR, designate a representative in an EU member state where the people whose data you process are located (and a UK representative under the UK GDPR). Any third-party data processor must be bound by a written data processing agreement covering the terms the GDPR requires: processing only on your documented instructions, confidentiality, security measures, your approval of sub-processors, assistance with data subject requests and breaches, and deletion or return of the data when the contract ends.
- Privacy considerations: Finally, be prepared to give individuals control. They have the right to access their data, to have it corrected or erased, to restrict or object to processing, and to receive it in a portable format; in general you must respond to such requests within one month. If you use solely automated processes to make decisions with legal or similarly significant effects about people, you must have safeguards in place, including a way for them to obtain human intervention and contest the decision.
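The "data security measures" item above mentions pseudonymisation, and a common mistake is to treat an unkeyed hash of an email address as anonymisation. The following is an added worked example, not part of the original page or SixFifty's products, written in Python with only the standard library. It pseudonymises a constructed sample record with a keyed HMAC whose key is assumed to live in a separate secrets store, shows how the key holder can still match an identifier when acting on an erasure request, and shows why a plain SHA-256 hash of the same field is recoverable by anyone with a guess list.

```python
import hashlib
import hmac
import secrets
from typing import Iterable, Optional

# Constructed sample record for the example; not real customer data.
SAMPLE_RECORD = {
    "email": "Alice@Example.com",
    "order_total": 42.50,
    "country": "DE",
}

# Constructed guess list an attacker might try against a leaked dataset.
ATTACKER_GUESSES = ["bob@example.com", "alice@example.com", "carol@example.com"]


def generate_key() -> bytes:
    """Assumption: in production the key comes from a KMS/HSM or secrets manager
    and is stored separately from the pseudonymised data. Generated in memory
    here purely so the example runs stand-alone."""
    return secrets.token_bytes(32)


def normalise(identifier: str) -> bytes:
    # Case and whitespace differences must map to the same pseudonym,
    # otherwise a later access or erasure request will miss records.
    return identifier.strip().lower().encode("utf-8")


def pseudonymise_identifier(identifier: str, key: bytes) -> str:
    """Keyed HMAC-SHA256 of a direct identifier. Without the key, a party holding
    the pseudonymised data cannot reverse it by hashing likely email addresses."""
    return hmac.new(key, normalise(identifier), hashlib.sha256).hexdigest()


def pseudonymise_record(record: dict, key: bytes,
                        direct_identifiers: Iterable[str] = ("email",)) -> dict:
    """Return a copy of the record with each direct identifier replaced by its
    pseudonym. Remaining fields (order total, country) are kept for analytics;
    the result is still personal data under the GDPR because the key holder
    can re-link it."""
    out = dict(record)
    for field in direct_identifiers:
        if field in out:
            out[field + "_pseudonym"] = pseudonymise_identifier(out.pop(field), key)
    return out


def matches(identifier: str, pseudonym: str, key: bytes) -> bool:
    """Used by the key holder to locate a person's records, e.g. to act on an
    erasure request. Constant-time comparison avoids leaking the pseudonym
    through timing differences."""
    return hmac.compare_digest(pseudonymise_identifier(identifier, key), pseudonym)


def unkeyed_hash(identifier: str) -> str:
    """The weak approach: a plain hash with no secret."""
    return hashlib.sha256(normalise(identifier)).hexdigest()


def dictionary_attack(target: str, candidates: Iterable[str]) -> Optional[str]:
    """What an attacker without the key can do: hash every guess and compare.
    Succeeds against unkeyed_hash output, fails against HMAC output."""
    for candidate in candidates:
        if unkeyed_hash(candidate) == target:
            return candidate
    return None


if __name__ == "__main__":
    key = generate_key()
    stored = pseudonymise_record(SAMPLE_RECORD, key)
    print("stored record:", stored)
    print("erasure request matches:", matches("alice@example.com", stored["email_pseudonym"], key))
    print("attack on plain hash:", dictionary_attack(unkeyed_hash(SAMPLE_RECORD["email"]), ATTACKER_GUESSES))
    print("attack on HMAC pseudonym:", dictionary_attack(stored["email_pseudonym"], ATTACKER_GUESSES))
```

The design point is key separation: the analytics copy of the data and the HMAC key must never sit in the same store or be readable by the same role, otherwise the pseudonym is only as strong as the plain hash. Rotating the key re-pseudonymises the whole dataset, so plan the rotation procedure together with your retention schedule.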
These four points provide a broad picture of what you’ll need to do to stay compliant. In practice, this may be more complicated.
SixFifty Has Solutions
While this GDPR compliance checklist can help you draft your own company privacy policy, it’s still an unwieldy task. Instead of assigning it to your in-house legal department or hiring expensive outside counsel, you can save time and money with SixFifty.
Our proprietary legal technology uses automation—and real legal expertise, from some of the nation’s top lawyers—to automatically generate comprehensive, enforceable GDPR policies. There are three easy steps:
- Log into your SixFifty user interface and select GDPR products
- Answer a few questions about your company
- Download the generated file(s)
Once you’ve downloaded the files, all your lawyer needs to do is review and approve. It’s the best of both worlds: you’ll get the protection you need while cutting down on billable hours and in-house legal tasks.
You might be tempted to download a free GDPR policy template and customize it yourself. Unfortunately, a one-size-fits-all policy rarely matches how your company actually processes data, and in a breach investigation or audit you may find that the template does not cover every contingency or process involved.
It’s always best to start off on the right foot. In this case, the best way is also the easiest way—at least, when you work with SixFifty. Because the GDPR is so strict, your business could rack up hefty fines before you even realize it.
We’d love to tell you more about our GDPR privacy solutions. If you have questions or want to schedule a demo, reach out today.