Tips For GDPR Compliance In Your Organisation
In this article, we will present some advice on how to move closer to GDPR compliance.
Elect a Data Controller to Be Responsible for GDPR Compliance
The elected employee must take responsibility for the procedures that process data, to ensure that processing is done correctly. This employee is also responsible for ensuring the training of their colleagues.
Map Out All the Procedures That Process Data
It is important to have an overview of when, where and how data is processed. Furthermore, it is important to map out when data should be deleted, for example when an employee quits their job, and to have procedures for this.
There should also be procedures for handling a request from a person who wants insight into the data you have on them.
Privacy by Design and Default
In your online solutions, you must consider the concept of Privacy by Design and Default. In other words, you should design your solutions to protect personal data. In marketing, this is familiar as the option to check “no” to receiving marketing material. On websites, it is familiar as the option to choose which cookies the company may register.
In relation to Privacy by Design and Default, you can make use of anonymisation. This can help ensure that personal data can no longer be attributed to a specific data subject – without the use of additional information. It also presupposes that the additional information is stored separately and is subject to both technical and organisational measures. This is to ensure that this personal information is not attributed to an identified or identifiable person.
Use Suppliers Who Meet the GDPR Requirements
You must ensure that the suppliers you use also meet the GDPR requirements. For instance, having a data processing agreement is important. Read more about how MOCH meets the GDPR requirements by reading about our ISAE-3000 declaration.
Only Store Data You Need
It is important to consider ‘what is nice to have?’ and ‘what is need to have?’. In many cases, storing information that was only used for a short task is not necessary, and it should be deleted again.
Outsource The Training to E-Learning
If you invest in awareness training, there are many benefits. Your employees can take the course whenever it suits them, and they will save time by not having to attend a physical course.