GDPR Preparation

Preparing for GDPR

If you are worried about what effects GDPR has on your business, well at least you have noticed the elephant in the room.

The Data Protection Commissioner (Ireland) has identified 12 steps to being prepared for GDPR, which are summarised below.
Is your business GDPR ready?


1. Awareness

Review risk management processes, identify problem areas and establish a plan.

2. Accountability

Do you know your data? What personal data you hold? Why do you hold it? Do you need to retain it? How safe is it?

3. Communicate

Assess how your customers and staff are notified & informed about data privacy and how their data is used.

4. Privacy Rights

Procedures must be in place for privacy rights that individuals are entitled to. This includes the deletion & portability of data.

5. Data Requests

Plan how your business will meet the new timescale of one month for handling data access requests.

6. ‘Legal Basis’

Do you meet GDPR standards of the ‘Legal Basis’ for collecting & processing data? Consent, legal enactment, legitimate interest?

7. Using Consent

Are any changes required to the way you seek, obtain and record customers’ data consent in order to be GDPR ready?

8. Children’s Data

Systems must be in place in relation to children & minors, to verify an individual’s age and collect a guardian’s consent.

9. Data Breaches

Mandatory data breach reporting is coming. Are procedures in place to detect, report & investigate a data breach?

10. DPIA

Data privacy at the heart of all projects. Data Protection Impact Assessments (DPIA) & Data Protection by Design & Default.

11. Data Officers

You may be required to designate a Data Protection Officer (DPO): someone who has the knowledge, support & authority to do the job effectively.

12. International

If you operate in many member states, identify your Lead Supervisory Authority where your Main Establishment is in the EU.