GDPR: What to do before May
The GDPR (General Data Protection Regulation) is quickly approaching. If you are unsure what the GDPR is and why it is important, please read about it here before you move on through this article.
Now that you know what we are talking about, it is important to consider what you should be doing the next five months.
Change your definition of personal information
To start, it is important that you broaden your definition of personal information. The new regulation protects EU citizens’ data like IP addresses, mobile device identifiers, geo-location, and bio-metric data. Additionally, things like economic status, genetic identity, and cultural and social identity are included. Based on your industry, you might collect and store this sensitive data from your customers or even employees. Be sure that you’re within compliance of the regulation if you store that data.
Collect consent
Secondly, finding a way of collecting consent to store that data should be a top priority. You can’t just assume that since you have it, you can keep it. You should find a way to reach out to your current customers that fall under the regulation and get their consent again. You must also clearly define how you are going to use that data moving forward. Whether it is for email marketing to HR, you need to define these uses to the individuals who are affected by it.
Simplify user agreements
Your next step should be to update and simplify user agreements. Be sure they are easily understandable by the individuals you are seeking consent from. Lengthy agreements that we are all guilty of not reading will not be sufficient under this regulation. That’s right, this means that Apple’s user agreements will have to be shorter and easier to read!
Clean up
The next thing you should do is clean up all the data you are no longer using. By discarding data that is no longer being used, you set yourself up to avoid a potential penalty or fine associated with the misuse of data. It is best to stay on the safe side and go through the clean up before the regulation comes into effect in May.
Have a plan!
While all of the things above are important, the most important thing you’re going to need is to have a plan in place in the event that your data is breached. Headlines in 2017 were certainly centered around the many data breaches (Equifax ring a bell?) that affected various people this year. Although this particular regulation is specific to residents of the EU, organizations around the world need to comply and be prepared for a breach. You plan should comply with the data breach notification laws spelled out in the regulation, and you should know whom and how to notify if something happens.
Are you prepared?
While there is much more involved in preparing for the GDPR, having a plan, cleaning up old data, simplifying user agreements, collecting consent, and changing your definition of personal data are going to be your starting points. Do more research and download our whitepaper The Main Differences Between the DPD and the GDPR that discusses the differences between the GDPR and the DPD to get a better understanding of what steps you need to take before May. The whitepaper also has a handy checklist to help get you started.
