In this digital age data is money. In the hands of an adept person, data clusters can be gold mines. In their eagerness to be able to lay their hands on this gold mine, many individuals and companies cross the line of ethics and legal code of conduct, giving rise to data breach issues. The European Union realised the threat of data breach looming large on individuals and passed the GDPR or General Data Protection Regulation in 2016. Implemented in May 2018, GDPR is a set of regulations that strengthens the data protection rights of EU citizens. GDPR empowers citizens to question companies regarding the personal data they hold. Citizens can also demand that companies delete their personal data. Non-compliance with GDPR can attract heavy penalties. While the regulation is soft on small businesses, that, in many cases, may escape with just a stern warning, it comes down heavily on large corporations that fail to comply with the regulations. Non-complying MNCs can end up losing 4 percent of their total gross for the year or 20 million Euros. Whether you already have offices in the EU or are eying any of the 28 member countries to expand your operations, your business must be GDPR ready. To help, we in this article, take a look at some things you need to do to ensure smooth sailing.

1.Understand GDPR: If you do not know anything or have very little knowledge about GDPR, now may be the best time to update your knowledgebase. To develop a good understanding of GDPR, go through its different clauses and important Articles such as Articles 5, 6, 25 and 32. Look for definitions of important terms such as data processor, data controller and subject.

2.Get consent from your customers: Forget getting implied consent, if you have EU residents in your database, getting their explicit consent is a must to ensure compliance with GDPR. Streamline your data collection methods and leave no scope for confusion when specifying the information to be collected and how it is to be used.

3.Conduct regular audits: Conducting data audits at regular intervals is necessary to ensure compliance with GDPR. When auditing your database, check the information stored and its source. If required, go through necessary documents to track the origin of data. Only store information that you need.

4.Adopt data security measures: To avoid data breach issues, always collect data in a secure environment. Use encryptions and passwords. Update your privacy policy at regular intervals. To address issues related to reporting and compliance in case of a breach, have an action plan ready. Instead of trying to cover up a breach, inform your customers about the nature and extent of data that was compromised.

5.Honor your customers’ right to privacy: Honour your customers’ demand to erase personal data. When you receive a request to delete personal information, make sure to erase every bit of data. To avoid retaining any data, move all the information to a central environment before deleting it. You must also honour your customers’ request to access and move data.


6.Educate your staff: A business is only as good as its people. To get your business GDPR ready, you must educate your staff on the importance of compliance. To ensure the message is loud and clear, conduct regular meetings and training sessions. Circulate memos explaining GDPR rules. Conduct follow-up meetings to discuss the key points in the memos.


7.Make sure your website is GDPR ready: Make sure there are no online forms with pre-checked boxes on your website that allow you to share user information with third parties. Explain your cookie policy in an easy to understand language. To honour your customers’ GDPR requests in a timely manner, consider developing a self-service portal.


8.Follow a process to honour requests in bulk: A business gets 30 days to comply with GDPR requests. If you leave everything to the last minute, complying with the deadline can be an uphill task. To avoid burdening your team members, have a process to honour requests in place. If you suspect that the reasoning behind the GDPR request can be detrimental to your business interests, you can contest the request.


9.Streamline your records management processes: Store data in a secure environment and make sure only authorised personnel have access to the database. Prefer using automated processes. Destroy information that is no longer relevant and specify the duration for which data can be stored.


10.Have a process in place to extract requested information: When you get a GDPR request from a customer, you must provide them a list specifying the information that you store. You may have to retrieve information from different systems. To save time and efforts, it is advisable that you have a process and technology in place to be able to retrieve data seamlessly.

There’s no denying the fact that the task of complying with GDPR is a challenging one. That said, every cloud has a silver lining. GDPR compliance is an opportunity to project your business in the best light and earn your customers’ trust.