The deadline for compliance with the new General Data Protection Regulation is fast approaching, and companies that aren’t compliant by 25th May will face steep fines. The new rules are much stricter on how companies source, store and use sensitive customer data, so it is essential that you have a watertight GDPR strategy that addresses these points.
Questions to frame your GDPR strategy
Getting ready for GDPR may seem like an overwhelming task, but by breaking it down into various components it becomes more manageable.
The following questions can be used as a framework to help you start articulating your GDPR strategy.
- What data do you currently hold? – A thorough inventory of the data you currently hold to identify whether any of it can be classed as ‘personally identifiable information’ is a logical first step. This is the data that will be under more scrutiny from the new regulations.
- Where is that data stored? – The rules stipulate that data must be securely stored, so you should examine the suitability of your current data storage solutions and consider alternatives if necessary.
- What do you use that data for? – The ways in which data is used are also very important, so do your customers understand what their data is being used for?
- How did you get consent for that data? – GDPR puts control of data back into the hands of the customer so you need to be doubly sure that you obtained the correct permissions to use it.
- How will you ask for consent in the future? – It is likely that your policies will need to be updated to make it really clear to customers that you require access to their data, and to spell out to them exactly what you plan to use it for.
- Do you need a data protection officer? – Some organisations require a designated DPO as part of the new rules; you should check whether this applies to you and go about appointing or hiring this person.
- How will you handle subject access requests? – The new rules allow customers to request access to the data that you hold on them, so you will need to consider how best to do this in a cost-effective way.
Getting help with your GDPR strategy
With the complicated nature of GDPR and the harsh penalties for lack of compliance, many companies are hiring external expertise to help shape their GDPR strategy.
At AsOne we have worked with companies across a range of industries to help them make the most of their data for over a decade. We view data as a core part of any digital business development strategy.
As such we also understand the intricacies of how that data should be sourced, stored and used in order to be fully compliant with various regulations and laws.
If you have any further questions about GDPR and how it could impact your business, or you’d like to have a chat about how AsOne can help you craft an effective GDPR strategy, don’t hesitate to get in touch.