Considerations when implementing GDPR

20/04/2018

The entire General Data Protection Regulation (GDPR) revolves around the protection of personal data: which personal data may be used, for what purpose, on what legal basis and for how long. Below we discuss the considerations you need to make when preparing your implementation to be GDPR compliant.

Depending on the type of your organisation and your activities, you may need to consider other emphases and obligations in order to comply with the GDPR.

Review and define potential actions with regard to the following items:

B2C or B2B
  • B2C: probably direct access to a large volume of Personal Data (your own customers).
  • B2B: probably indirect access to a large volume of Personal Data (your customers' data, which you process on their behalf), and probably direct access to a much smaller volume of Personal Data (contact persons at your customers and suppliers, your own staff).

Need for a DPO
A Data Protection Officer is required when you process Personal Data on a large scale and repetitively, when you systematically observe people (monitoring, profiling), or when you handle sensitive (special-category) data.

Project leader
Appoint a project leader for the GDPR implementation process to ensure that all elements relevant for your organisation are covered.

Awareness
Create internal awareness amongst your co-workers and instruct them on the new privacy-related procedures, including how to recognise and escalate a data subject request or a personal data breach.

Processor
Which of your suppliers process Personal Data on your behalf, and are you processing Personal Data on behalf of customers? In the first case you need a written processing agreement with each supplier; in the second case your customers will expect one from you.

Document
Document all your decisions related to handling Personal Data, informing Data Subjects or other GDPR elements. Without this record you cannot demonstrate compliance when asked.

Paper
In many organisations, the majority of employees are still handling paper-based information. Are you fully aware of where and how the organisation handles paper that might contain Personal Data?
IT systems
An organisation easily has over 10 different IT systems, internal or external to the organisation. Inventory them and determine:

  • which ones contain structured data (ERP, CRM, …)
  • which ones contain unstructured data (file servers, intranet, DMS or ECM, free-text fields in ERP and CRM, …)
  • in general, 80% of your Personal Data resides in texts (unstructured)
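The inventory above is only useful once you know which of those systems actually hold Personal Data, and for unstructured sources that means looking inside the text. The following scanner is an added example, not part of the original article and not Knowliah's code: it runs a few simple identifier detectors (e-mail address, international phone number, IBAN) over a set of constructed sample documents and reports which source system holds what. The detector patterns and the sample documents are assumptions for illustration; a real deployment would add national identification numbers, customer IDs and so on, and would read the files from the file server, DMS or CRM export instead of from a dictionary.

```python
"""Added example: locate likely Personal Data in unstructured text.

The sample documents and the detector regexes below are constructed for
illustration. A hit tells you that a source holds Personal Data (and so
belongs in your processing register); it says nothing about whether the
processing is lawful.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Detectors for a few common identifiers (assumptions; extend per organisation).
DETECTORS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    # International number with '+' prefix, digits optionally separated by space/dot/dash.
    "phone": re.compile(r"(?<![\w+])\+\d{1,3}(?:[ .-]?\d){6,12}\b"),
    # IBAN: country code, two check digits, then groups of four alphanumerics.
    "iban": re.compile(r"\b[A-Z]{2}\d{2}(?:[ ]?[A-Z0-9]{4}){2,7}(?:[ ]?[A-Z0-9]{1,4})?\b"),
}

# Constructed sample documents; the key is "<system>/<path>" as an inventory would record it.
SAMPLE_DOCUMENTS = {
    "fileserver/hr/contract-2017.txt": (
        "Employment contract for Jane Doe, jane.doe@example.com, "
        "phone +32 2 123 45 67. Salary paid to BE71 0961 2345 6769."
    ),
    "intranet/news/summer-party.txt": (
        "The summer party takes place on 20 June in the canteen."
    ),
    "crm/notes/ticket-4711.txt": (
        "Customer called from +44 20 7946 0958 about invoice 2018-0042."
    ),
}


@dataclass(frozen=True)
class Finding:
    source: str   # inventory key of the document
    kind: str     # which detector fired
    count: int    # number of matches in that document


def scan_text(source: str, text: str) -> list[Finding]:
    """Return one Finding per detector that matches somewhere in `text`."""
    findings = []
    for kind, rx in DETECTORS.items():
        n = len(rx.findall(text))
        if n:
            findings.append(Finding(source, kind, n))
    return findings


def inventory(documents: dict[str, str]) -> dict[str, list[Finding]]:
    """Map every document that contains Personal Data to its findings."""
    result = {}
    for source, text in documents.items():
        hits = scan_text(source, text)
        if hits:
            result[source] = hits
    return result


def systems_holding_personal_data(findings: dict[str, list[Finding]]) -> list[str]:
    """Collapse document-level findings to the IT systems that need a register entry."""
    return sorted({source.split("/", 1)[0] for source in findings})


if __name__ == "__main__":
    found = inventory(SAMPLE_DOCUMENTS)
    for source, hits in found.items():
        print(source, ", ".join(f"{h.kind}={h.count}" for h in hits))
    print("systems holding Personal Data:", systems_holding_personal_data(found))
```

Run against the constructed documents, the HR contract on the file server yields one e-mail address, one phone number and one IBAN, the CRM ticket yields one phone number, and the intranet news item yields nothing; the file server and the CRM therefore need an entry in your processing register, the intranet (for this sample) does not. Treat the output as a starting point for the human review the article asks for, not as proof that a system is clean: a regex cannot recognise a name or a health condition in free text.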
Security of IT systems
Each IT system has built-in security methods. In most cases (over 90%), these are not sufficient on their own to ensure GDPR compliance: access control, logging, retention and the ability to find and delete a person's data usually have to be configured or added. How will you proceed on this?

A DPIA (Data Protection Impact Assessment, see 4.3) is the instrument to review this for processing that is likely to result in a high risk for the people concerned.

Principles of processing
How to address (see also Principles of processing Personal Data):

  • 'purpose limitation'
  • 'data minimisation'
  • 'accuracy'
  • 'storage limitation'
  • 'integrity and confidentiality' (security of processing)
GDPR versus workability
The GDPR implies extra tasks and responsibilities for the entire organisation. How can you automate these (e.g. with Knowliah) so that you comply with a minimum of extra work, while guarding your co-workers from additional stress?


 

Want to learn more?

You can find information on the implementation guidelines of the GDPR, such as processing principles, security measures, preparations and operations, by clicking on the button below.
You can also download our full implementation guide, 'A free quick-start guideline for your GDPR implementation', as a PDF document.


GDPR implementation guidelines
