The GDPR will have real and important impacts on your core business. Efficy advises and offers you adapted solutions to cope with this huge data protection change.
The GDPR, General Data Protection Regulation, took effect in May 2018. Your time to prepare for the GDPR is limited. If you don’t know what the GDPR is yet, it is high time you had a look at our article describing the key concepts and fundamental principles of this regulation.
Most importantly, it is time to get your organization prepared for this big data processing change. Fines up to 20 million euros or up to 4% of your annual turnover could be imposed if any data breach occurs after May 2018. Read Efficy’s recommendations carefully.
Recommendation #1 – Conduct an internal audit of your data process
Before taking action, you need a clear picture of all the processes in place in your organization. You have to list them all, including the type of personal data concerned, the department and people who handle, process, store, access this data. The first step is therefore to analyse you current data security situation.
Efficy’s Solution: the GDPRank
Efficy will soon enable you to analyse, online and for free, your current situation. You will know to which degree your company is at risk concerning the GDPR compliance. By answering a few questions, you will be given a better picture of the measures you need to take to be fully prepared by May 2018.
Recommendation #2 – Get prepared
This step is crucial when it comes to GDPR compliance. At this stage, you need to come back to your audit and take an analytical look. The idea is to reduce the damage some data processes could cause. You need to identify the risks of each of your data processes and take action to reduce them.
Once you have come up with internal risk management processes, make sure you document them all to protect your organization in case of control by dedicated authorities.
Efficy’s Solution: Data Privacy Impact Assessment
In the coming months, Efficy will put into place its Data Privacy Impact Assessment service. It has to do with a consulting service provided by an expert in data protection. This expert will conduct an internal audit of your data process and make appropriate recommendations that will help your organization take the right decisions. The complete description of the service will soon be available here.
Finally, Efficy will also allow its customers to use what is called a Shared DPO (data protection officer), a consultant that will help your company from a technical point of view. You do not need a full-time DPO, this is why this shared consultant will bring flexibility, control and security to your company when it needs it the most. The description of the service will soon be available here.
Recommendation #3 – Control
Stored data needs to be checked regularly to ensure their up-to-date status. If this data is no longer used, a data suppression process must be implemented..
Efficy’s solution: Data Cleansing Service
A data cleansing subscription will soon be ready for clients willing to delete, archive all inactive, old-dated data. In that way, you guarantee data cleanliness and avoid any data breach. Discover soon this added-value service here.
Recommendation #4 – Give access to data
In accordance with the GDPR, measures shall be taken to allow data subjects to access their personal data in order to edit, modify or even delete them.
Efficy’s solution: GDPR Direct Data Access (DDA)
Thanks to a secured data access, people subjected to the GDPR will be allowed to gain access to their personal data in order to edit, modify or delete their data or preferences. More information about this module will shortly be issued here.