Many have heard the rumor, and the rumor is true. On May 25th 2018 a completely new set of rules within personal data come into force and your company will have to comply with them.
Step 1: Get an overview of your personal information
Start by gathering those of your employees who are in control of the different departments and processes in the company. Together you will do a brainstorm session on what you have in terms of personal information and how it’s used today. Document everything and then structure it, so you can get a clear overview of the session.
Step 2: Is what we do allowed?
Once you get an overview you need to evaluate whether what you are doing with the personal data today is allowed. The set of rules are clear on what you can do. So, if what you do is not allowed, it is forbidden. That is important to remember. You must, as lawyers say, have the authority to process the information. The most important is the consent and fulfillment of contract.
Step 3: Where are we going?
Step 2 lets you know what you are missing to comply with the new regulation. This should encourage you to make a gap analysis to get an insight of where you should change you processes, implement new technical systems or similar.
Step 4: Implementation
The last step is to implement the new procedures, IT or similar.
It is possible that you will not reach your goal by May 2018 with only these four steps, but they will ensure that you get off to a good start.