Implementing GDPR Privacy Compliance
Punit Bhatia
15 years: Data privacy & GDPR
In this video Punit outlines three crucial steps to implementing privacy compliance in your company. The first being to set up a strong foundation, for example appointing a DPO. Secondly, manage different actions that help compliance with various requirements of GDPR with a checklist. Thirdly, ensure it is sustainable.
10 mins 11 secs
Key learning objectives:
Identify the sustainable key actions a company can take for privacy compliance
Overview:
Organisations must give direct attention to the wide range of steps needed to implement the GDPR effectively. If implementation is not done well, it becomes confusing, and stakeholders and sponsors will find it difficult to get a sense of what is going on.
What are the different implementation actions for a privacy compliance approach?
- Privacy by design - The privacy-by-design requirement demands that each new initiative that makes use of personal data takes the protection of such data into consideration. Also, an organisation must be able to show that it has put adequate security in place and that compliance is monitored.
- Records of processing activities - Because most organisations have this information spread through various documents and processes, an inventory of personal data must be carried out and the obligation to keep records of processing activities fulfilled.
- Prepare retention schedules - Under GDPR, personal data should no longer be stored once the purpose of the processing ceases to exist. For companies with a long history and outdated processes, this is very difficult to enforce, because we are no longer in the "paper days" when deleting meant that the paper was torn up, shredded or burned and the action could not be reversed.
- Map all processing to one of six legitimate purposes - This is centrally managed and completed in cooperation with the teams who own customer data. For any processing that cannot be mapped, either seek approval for it or stop it.
- Implement processes for managing rights requests in time - Ensure that a log of all rights requests received by your organisation is kept.
- Review and safeguard data transfers - It is essential to: put in place processes to perform due diligence on vendors before hiring them; ensure appropriate clauses are included in existing and new contracts; monitor new contracts and vendors' privacy compliance.
- Create or update privacy and cookie statements - A privacy statement or notice is a document addressed to customers (or employees or supplier personnel) that tells them how your company handles their data. Being open and giving data subjects access to information is at the core of GDPR.
- Create awareness and provide training - A core part of your GDPR implementation will include ensuring your employees understand the importance of data privacy and protection.
- Prepare for complaints and data breaches - It is critical to have mechanisms in place to handle grievances as they are received and to be prepared to deal with data breaches as they occur.
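The register, lawful-basis mapping and retention items above are easier to sustain when the inventory of processing activities is data rather than scattered documents. The following is an added illustration, not code from the video or its author: a small processing register that flags activities not mapped to one of the six GDPR Article 6(1) lawful bases, records whose retention period has expired, and records tied to an activity that is missing from the register. The activity names, retention periods and records are constructed sample data.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

# The six lawful bases of GDPR Article 6(1). Processing that cannot be
# mapped to one of these must be approved or stopped.
LAWFUL_BASES = {
    "consent", "contract", "legal_obligation",
    "vital_interests", "public_task", "legitimate_interests",
}


@dataclass(frozen=True)
class ProcessingActivity:
    """One entry in the records of processing activities (hypothetical schema)."""
    name: str
    purpose: str
    lawful_basis: str
    data_categories: tuple
    retention_days: int  # how long data may be kept after the purpose ends


@dataclass(frozen=True)
class DataRecord:
    """A stored item of personal data linked to an activity (hypothetical schema)."""
    record_id: str
    activity: str                  # name of the ProcessingActivity it belongs to
    purpose_ended: Optional[date]  # None while the purpose is still active


def unmapped_activities(register: List[ProcessingActivity]) -> List[str]:
    """Names of activities whose lawful basis is not one of the six."""
    return [a.name for a in register if a.lawful_basis not in LAWFUL_BASES]


def records_due_for_deletion(records: List[DataRecord],
                             register: List[ProcessingActivity],
                             today: date) -> List[str]:
    """Ids of records kept longer than their activity's retention schedule allows."""
    retention = {a.name: a.retention_days for a in register}
    due = []
    for r in records:
        # Purpose still active, or activity unknown: handled elsewhere, not deleted.
        if r.purpose_ended is None or r.activity not in retention:
            continue
        if today > r.purpose_ended + timedelta(days=retention[r.activity]):
            due.append(r.record_id)
    return due


def orphaned_records(records: List[DataRecord],
                     register: List[ProcessingActivity]) -> List[str]:
    """Ids of records whose activity is absent from the register (inventory gap)."""
    names = {a.name for a in register}
    return [r.record_id for r in records if r.activity not in names]


# Constructed sample data; not taken from any real organisation.
SAMPLE_REGISTER = [
    ProcessingActivity("customer_billing", "invoice customers", "contract",
                       ("name", "address"), 365 * 7),
    ProcessingActivity("newsletter", "send marketing mail", "consent",
                       ("email",), 30),
    ProcessingActivity("legacy_export", "unknown", "because we always did",
                       ("name", "email"), 0),
]
SAMPLE_RECORDS = [
    DataRecord("rec-1", "newsletter", date(2023, 1, 1)),      # consent withdrawn long ago
    DataRecord("rec-2", "newsletter", None),                  # still subscribed
    DataRecord("rec-3", "customer_billing", date(2020, 1, 1)),  # within 7-year retention
    DataRecord("rec-4", "old_crm", date(2019, 1, 1)),         # activity not in register
]
SAMPLE_TODAY = date(2024, 6, 1)


if __name__ == "__main__":
    print("unmapped:", unmapped_activities(SAMPLE_REGISTER))
    print("due for deletion:",
          records_due_for_deletion(SAMPLE_RECORDS, SAMPLE_REGISTER, SAMPLE_TODAY))
    print("orphaned:", orphaned_records(SAMPLE_RECORDS, SAMPLE_REGISTER))
```

Running the three checks on a schedule, with their output reviewed by whoever owns the register, gives the "who takes the action and how is it monitored" answer that the sustainability questions below ask for.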
Last but not least, make it sustainable. Sustainability means looking ahead (a few years) beyond the limits of your initiative or programme and seeking answers to the following three questions.
- How will this organisation remain compliant?
- What are the actions required to remain compliant?
- Who will take those actions? And, how will these actions be monitored?