
STEPS TO STAY COMPLIANT WITH GDPR REGULATION

The following is a guide to the steps you should follow in order to be termed GDPR compliant.

1. Create a data compliance folder on the company's file system. This step is important since it is the foundation of your proof of compliance. It is recommended that every step you take towards GDPR compliance is recorded here, since this record might be vital in the future.

2. Document and store the minutes of any internal meetings on GDPR matters and the decisions made in those meetings.

3. Appoint and name a specific person responsible for data protection.

4. Map all your data. This means that you should state in clear terms which type of data your company collects and where.

5. Separate this data into distinct categories.

6. Identify a specific lawful basis for managing each of the different categories of data.

7. Make sure to renew consent where necessary. It is crucial that you check with the established data processors you use to ensure that they have complied too. A good example of an established data processor is a company like Mailchimp. Be extra cautious in this step, since it is a bit more complicated, and even bigger corporations like Honda have got into trouble over this.

8. Create a policy which will identify and manage data subject access requests.

9. Create and roll out a strategy for handling any data deletion or rectification requests.

10. Formulate a non-compliance document to show awareness of any compliance omissions. This document should also show a plan for full compliance or, at the very least, for risk mitigation.

11. Come up with a password policy that applies to all company staff.

12. Reach out to your whole database (marketing or otherwise) and have them opt in to the various means of communication you plan to send. This should STRICTLY be done before the 25th May 2018. The test is whether a person should expect to get an email about a certain topic from you. For example, sending an email about the opening times of your swimming pool to a member of that swimming pool is acceptable. However, sending the same person an email about new swimming merchandise, especially when they have not requested this information, might be deemed unethical.

13. Keep a separate document recording who has opted in and who is yet to opt in.

14. Create a specific retention schedule for data. When data reaches the stipulated retention period, destroy it in a manner that is in accordance with the regulations.

15. You are responsible for training your personnel to ensure they know what constitutes personal data. You get extra bonus points if you practise different case scenarios with your staff, and if you create a GDPR Staff Awareness Status Report which records the staff who participated in this training.

16. You are expected to train your members of staff on how to identify any kind of breach and how to detect email scams.

17. Create a policy for breach response.

18. Keep a log which records data breaches. This log will record incidents such as "Staff x sent a products list email to Tom Smith in the technology department and not Tim Smith in the products department."

19. For security reasons, make sure that your company's website is served over HTTPS.

20. It is also very important to ensure that your company's devices, such as computers and other related machinery, are encrypted where possible. If you are using a Mac device you can encrypt it by

21. Document the physical storage of data. This includes data on USB disks, in physical files and in other formats.

22. You are responsible for locking and securing all data.

23. Register the serial numbers of your company's computers in an asset register. This should be done regardless of the information contained on these computers. In the case that a computer is stolen, you might need to demonstrate to the Information Commissioner's Office (ICO) that the particular computer did not contain personal data.

24. Review which members of staff should have access to information on your company's devices.

25. Update your company's website privacy policy. This update should include:
- Data retention period
- Recipients
- Specific identification of the controller
- The clear purpose of processing


26. Mention the specific cookies that your website uses, accompanied by the option to opt in or not. This is a pivotal step since you can only load the Google Analytics tracking script for users who have opted in.
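Step 26 in practice, as an added example that is not part of the original post: the analytics script is only injected after an explicit opt-in, and anything other than a recorded "granted" is treated as a refusal. The cookie name `analytics_consent`, its `granted`/`denied` values and the property id are assumptions; the loader URL is Google's standard gtag.js endpoint.

```javascript
// Added example: consent-gated loading of the Google Analytics (gtag.js) script.
// Assumed cookie name and placeholder property id; replace with your own values.
const CONSENT_COOKIE = 'analytics_consent';   // assumed cookie name
const GA_PROPERTY_ID = 'UA-XXXXXXXX-X';       // placeholder, not a real property id

// Parse a document.cookie-style string ("a=1; b=2") into a name -> value map.
function parseCookies(cookieString) {
  const out = {};
  for (const part of cookieString.split(';')) {
    const idx = part.indexOf('=');
    if (idx === -1) continue;
    const name = part.slice(0, idx).trim();
    if (name) out[name] = decodeURIComponent(part.slice(idx + 1).trim());
  }
  return out;
}

// Only an explicit "granted" counts; a missing cookie or any other value is a refusal.
function analyticsAllowed(cookieString) {
  return parseCookies(cookieString)[CONSENT_COOKIE] === 'granted';
}

// Inject the tracking script only when consent exists. Returns the created
// element, or null when nothing was loaded, so callers can verify the outcome.
function loadAnalyticsIfConsented(doc, cookieString) {
  if (!analyticsAllowed(cookieString)) return null;
  const script = doc.createElement('script');
  script.async = true;
  script.src = 'https://www.googletagmanager.com/gtag/js?id=' + encodeURIComponent(GA_PROPERTY_ID);
  doc.head.appendChild(script);
  return script;
}

// Called from the cookie banner's buttons: stores the choice for one year.
// Returns the cookie string written so the decision can be inspected.
function recordConsent(doc, granted) {
  const maxAge = 60 * 60 * 24 * 365;
  const value = granted ? 'granted' : 'denied';
  const cookie = `${CONSENT_COOKIE}=${value}; Max-Age=${maxAge}; Path=/; SameSite=Lax; Secure`;
  doc.cookie = cookie;
  return cookie;
}

// In a browser, run on page load; the real banner would call recordConsent()
// and then loadAnalyticsIfConsented() again after the user accepts.
if (typeof document !== 'undefined') {
  loadAnalyticsIfConsented(document, document.cookie);
}
```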


27. It is recommended that you consult experts on both the legal and technical aspects of these changes. This will give you feedback on your compliance process.

28. If your data processing takes place in the UK, it is prudent to register with the ICO. They normally charge about 55 pounds annually, and an additional 20 if your company is in the direct marketing niche. You can view the ICO's cookie policy, and you may want to use the Cookie Control tool by Civic UK, which we are using on our website too.

Do you have a website and want to stay compliant with GDPR regulations?