How To Conduct A GDPR Compliance Review For Your 2020 Business

We’re now nearly two years on from the implementation of the General Data Protection Regulation (GDPR) and by now you should be pretty familiar with the concept. Becoming GDPR compliant is a huge and important task for all businesses, old and new, and is something that companies have had to focus on in recent years. Failure to follow these guidelines can have big consequences.

While you might think you’re on top of your GDPR efforts, business processes and technologies are changing all the time and therefore the compliance risks are also changing. As such, it pays to review your data protection processes regularly and ensure you’re keeping up to date with the latest trends and advances in technology. To help you do this, our guide below will talk you through how to do a GDPR compliance review for your business.

Check if you’re meeting the right criteria

The first step on your compliance review is to check if you’re meeting all the basic criteria for remaining GDPR compliant because if you’re not, you need to make some changes – and quickly! In order to check whether or not you’re following the guidelines, we’ve put together a GDPR checklist below. You need to be sure that your business has done/is doing the following:

Educating yourself and all members of staff on GDPR and your responsibilities as a business

Asking for explicit consent to collect data from all customers or users of your website

Setting out data consent policies by creating a Data Processing Notice for all customers/users

Quickly and effectively dealing with access and deletion requests

Mapping out all drives, clouds and devices that you store data on

Keeping note of how you’re asking for permissions and who has granted them

Encrypting all devices that hold sensitive data

Implementing data security measures and processes to protect sensitive data

Appointing a Data Protection Officer (DPO) if necessary

Putting a data breach process in place which allows you to report a breach within the allotted 72 hours

Put changes in place

Using the checklist above you should be able to see if you’re ticking all the right boxes. If there are some glaringly obvious gaps in your security and data protection, for example not gaining consent, then you need to rectify this right away. Do this by implementing new systems and processes to ensure you’re meeting all the criteria set out in the new legislation (as outlined above). You need to do this as soon as possible, otherwise you could land yourself in trouble with the EU governing bodies.

Audit your data regularly

It might seem daunting, but the best way to stay GDPR compliant is to be hyperaware of the data you collect and how you collect it. An important part of this is regularly reviewing and auditing your data. This means checking all your records to make sure you’re properly mapping out your data and that you’re aware of where everything is stored so you can quickly and effectively deal with access and deletion requests. Knowing where everything can be found is crucial should you ever come under scrutiny for your GDPR efforts.

Another important part of data protection is not keeping sensitive data any longer than you need to. As such, it’s important to review your databases, email lists, cloud-based documents etc. regularly to see if you need to update your information. Whether this is done manually or through an automated system, you should review your data every six to twelve months and remove the information of anyone who hasn’t engaged with your company in that time.

Review your security policies

The next part of your compliance review needs to be your all-important security measures. As previously stated, technology is evolving all the time, not to mention cybercriminals are becoming increasingly cunning, therefore you need to review your security systems and policies regularly too. What might have been the best anti-malware or firewall a year ago might no longer be top of the range. So, it’s a good idea to have your team check for updates or new software that will do a better job.

Continue to educate your staff

You might have run training sessions or educated your staff on GDPR when it was first coming into effect, but when was the last time you updated them on best practices? It always pays to keep learning and offer regular updates to all employees. This reduces the risk of human error leading to a data breach and also means everyone will know how to report a breach should something go wrong. This also gives you a chance to update them on any new guidelines or changes to GDPR that have happened over the last 12 months or will be happening in the future.

Consider getting re-permissions

Many businesses had to gain re-permissions when GDPR was implemented, meaning that they had to contact those whose data they already held and check they were happy for them to keep it on their database. This gave old customers/users a chance to opt out and have their data removed. If you didn’t do this, or if you’re ever unsure about the validity of your database and those on it, you can always send out an email asking for re-permission. This will ensure your data is as up to date as possible, reduce the risk of someone claiming you didn’t ask for permission and ensure you are compliant.

Review your vendors

The final part of your GDPR compliance review is checking in with your vendors, suppliers or any other third parties you work with. When you’re focusing on your own efforts, it can be easy to forget that those you work or trade with also need to be compliant. This is to avoid a hacker getting to your data through a third party, or the third party misusing the data you share with them.

Otherwise, you could find your business being held accountable, even if you weren’t directly involved. So, it’s better to be safe than sorry and regularly check with your vendors how they’re protecting their data and that they’re complying with GDPR. If they’re not, it might be time to switch suppliers.

Written by Stuart Cooke, Blog Editor at Evalian.co.uk, data protection and cybersecurity training providers across the UK and Ireland.
