GDPR - you can't bury your head in the sand and hide from it. Here's what you need to do if your business isn't GDPR Compliant yet.

GDPR has landed! In an ideal world, all businesses would have been GDPR compliant by the 25th May deadline, but in reality, for most businesses, it is still a work in progress. It is too late if you haven't started working on it - but hey! That doesn't mean you shouldn't start now.

The ICO is the regulating body for the General Data Protection Regulation. The right course of action for you is to finalize a plan for your compliance and take small steps towards your goal. Document all processes and procedures, down to the tiniest details, as proof of your good-faith intention to achieve GDPR compliance. As long as you are actively working towards being compliant, the ICO will be able to see that you're trying.

The first order of business is to audit all the information you have and compile a list of the personal data you currently hold.

1. Map all the sources of personal data across your operations and document what you do with the data. Sort it by type, i.e. names, addresses, phone numbers, and so on. You will need to know the data sources, so attribute a source (website, native mobile application, or other digital touchpoint) to each separate piece of information documented.

2. Figure out whether the data is stored on site or in the cloud. This could be a list of internal databases, but could also include offline stores and third-party storage providers. 

3. Establish which departments or teams collect personal data.

4. Identify which third-party vendors you share this information with so that, if you need to delete or amend the data, you can inform them that they must also update their records. Understand how the vendors use the data you share with them and whether they comply with GDPR. Cross-check your contracts and service level agreements with them.

5. Each partner that has access to the data must have a valid reason to obtain and use it.

6. Decide which information you will continue to hold and which you can destroy.

In the process of cleanup, be mindful and ask yourself: 

Why are we saving all this data?

Can we avoid collecting certain categories of personal information?

Can we delete this data instead of archiving it?

7. You should appoint a data protection officer or data controller who is in charge of GDPR compliance to manage data requests, report security breaches and ensure that relevant policies are updated from time to time.

8. Prioritize updating your terms and conditions, privacy policy and cookie policy. They should clearly state your alignment with the spirit of the law for protecting data privacy. Don’t claim to be compliant if you’re not. Just state your commitment to protecting consumer data and reassure your users that you’re actively working to meet GDPR requirements.

9. You need to have adequate measures in place to detect, report, and investigate a personal data breach. Have a communication plan for reporting a breach to your users.

10. GDPR requires you to establish a legal basis for collecting data, which you will need to outline in your privacy policy. You need proof of requesting and obtaining consent. The proof must be logged in your system with a timestamp.

In our next post, we will discuss consent in detail, along with the general misconceptions around consent and legitimate interest.
