From May 2018 a new data protection law, the General Data
Protection Regulation (GDPR), will apply throughout the EU. The GDPR introduces a
number of significant changes, including a step change in sanctions with fines
of up to 4% of annual worldwide turnover. There is more than a year remaining
before the GDPR is implemented and the changes needed to comply with it are
significant.
Consider the below to get your organisation ready for this!
Steering Group
Organise a Readiness Steering Group who will lead the
organisation and all its functions to implement the GDPR. It should be chaired
by General Counsel and include attendees from group companies and / or all
functions. Consider engaging data protection specialists from a law firm to
help develop a compliance plan.
Workshops and detailed gap analysis
Plan a series of workshops during the first half of the
year to obtain input from each of the functions about their current data
collection, processing and compliance processes. The workshops, along with
other information submitted by each function (such as existing procedures),
will be used to complete the findings of a detailed gap analysis by end of June.
Remind your colleagues that each function will remain responsible throughout
for the allocation of appropriate resource to prepare for GDPR compliance based
on its gap analysis.
Implementation Plan
The Steering Group will further work with each function to
finalise an implementation plan by end of the year, taking into account
operational and cost implications of the options available for becoming GDPR
compliant. The implementation plan and the work to deliver it should be
monitored and reported on by the Steering Group.
Approach to be taken
While the primary objective of the project is to enable
compliance with the GDPR, the Steering Group should be conscious of the need to
take proper account of commercial objectives and where possible should also use
this as an opportunity to deliver synergies and improvements by taking a
consistent approach across your organisation!
Remember business is first!
Read more on GDPR http://www.eugdpr.org/