Is your business GDPR compliant?
The General Data Protection Regulation (GDPR) applies to any business, wherever it is based, that offers goods or services to people in the EU (or monitors their behaviour) and collects personal data in the process.
That means that if you have even one customer from the EU, you’re required to be compliant with this comprehensive privacy law. The good news is that if your organization is serious about data privacy and data protection, you probably have nothing to worry about.
Follow this simple GDPR checklist to see how compliant your business really is.
Self-assessment
A data protection impact assessment (DPIA), which Article 35 of the GDPR requires for high-risk processing, is also a practical way to map your processing activities against the GDPR and against other privacy laws such as the CCPA and HIPAA.
Ask yourself the following questions that relate to your data processing activities.
- Have you conducted an information audit?
- Does your business have a legal justification for processing data?
- Do you provide clear information about your data processes and privacy policy?
- How transparent are you about data processing?
- Where you rely on consent as your legal basis, did your customers actively opt in to having their data collected?
Data security
One of the core principles of the GDPR is that of “data protection by design and by default.” In layman’s terms, it means to take data protection into account at every step of your business activities.
Gather the troops and go through the following questions.
- Do you take data protection into account from the start of development?
- Do you employ data masking or de-identification methods to protect sensitive data?
- Do you have an internal security and awareness policy about data protection?
- Do you have a data protection impact assessment process in place?
- Do you have a data breach notification process in place (the supervisory authority must be notified within 72 hours of becoming aware of a breach)?
Accountability
No one likes to point fingers, but in order to be compliant with the GDPR, you first need to assign someone to ensure all requirements are met.
Ask yourself the following questions:
- Is someone responsible for ensuring GDPR compliance in the business?
- Do you have a data processing agreement in place with every third party that processes personal data on your behalf?
- If you are established outside the EU but fall within the GDPR's scope, have you designated a representative in a member state?
- Have you appointed a data protection officer, where your processing requires one?
Privacy rights
The GDPR grants data subjects enforceable rights. That means your customers have the lawful right to see what personal data you hold about them and how you're using it.
Ask yourself the following questions to ensure it’s as easy as possible for your customers to enquire about their data.
- Is it easy for customers to request the data you have on them?
- Is it easy for customers to correct or update their information?
- Is it easy for customers to request that you delete their data?
- Is it easy for customers to object or ask you to cease processing their data?
- Is it easy for customers to request a copy of their personal data in a portable, machine-readable format?
- Do you have a procedure in place to protect your customers' rights?
Good data privacy practices are the responsibility of everyone in your business. With data breaches on the rise and lawmakers clamping down on non-compliance, being on the right side of privacy laws just makes good business sense.
Start your compliance journey the right way by integrating a data protection method like data masking at the beginning of development. Hush-Hush Data Masking de-identifies sensitive data elements (pseudonymisation is a safeguard the GDPR explicitly recognises) while maintaining referential integrity across the entire enterprise.
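To make the "data masking with referential integrity" point concrete, here is an added example of keyed pseudonymisation; it is not the page's own code and not Hush-Hush's product. The two tables, the customer records and the key are all constructed for the example. Each e-mail address is replaced by an HMAC-SHA256 token under a secret key, so the same address masks to the same token in every table and a join on the masked column still works, while the original value cannot be recovered or guessed without the key.

```python
import hmac
import hashlib

# Constructed sample data for this example (not real customers).
CUSTOMERS = [
    {"customer_id": 1001, "email": "Alice@example.com", "name": "Alice Martin"},
    {"customer_id": 1002, "email": "bob@example.org", "name": "Bob Lee"},
]
ORDERS = [
    {"order_id": 5001, "customer_email": "alice@example.com", "amount": 42.50},
    {"order_id": 5002, "customer_email": "bob@example.org", "amount": 9.99},
    {"order_id": 5003, "customer_email": "ALICE@example.com", "amount": 120.00},
]


def pseudonymize(value: str, key: bytes, domain: str) -> str:
    """Return a deterministic keyed token for `value`.

    HMAC-SHA256 under a secret key: the same (key, domain, normalised value)
    always yields the same token, so joins across tables keep working, while
    anyone without the key can neither invert the token nor test guesses
    against a precomputed table of plain hashes. `domain` separates fields so
    the same string used as an e-mail and as a username gets different tokens.
    """
    normalized = value.strip().lower()
    mac = hmac.new(key, f"{domain}:{normalized}".encode("utf-8"), hashlib.sha256)
    return f"{domain}_{mac.hexdigest()[:16]}"


def mask_tables(customers, orders, key: bytes):
    """Mask direct identifiers in both tables with the same key."""
    masked_customers = [
        {
            "customer_id": c["customer_id"],
            "email": pseudonymize(c["email"], key, "email"),
            # Free-text names are not needed downstream: drop rather than tokenise.
            "name": "[redacted]",
        }
        for c in customers
    ]
    masked_orders = [
        {
            "order_id": o["order_id"],
            "customer_email": pseudonymize(o["customer_email"], key, "email"),
            "amount": o["amount"],
        }
        for o in orders
    ]
    return masked_customers, masked_orders


def join_orders_to_customers(customers, orders):
    """Map each order to its customer_id via the (possibly masked) e-mail column."""
    index = {c["email"].strip().lower(): c["customer_id"] for c in customers}
    return sorted((o["order_id"], index[o["customer_email"].strip().lower()]) for o in orders)


def leaks_identifier(masked_rows, originals) -> bool:
    """True if any original identifier string survives anywhere in the masked rows."""
    blob = " ".join(str(v).lower() for row in masked_rows for v in row.values())
    return any(orig.lower() in blob for orig in originals)


if __name__ == "__main__":
    # Assumed key for the demo; in production it comes from a KMS/HSM or
    # secrets manager, is never stored beside the masked data, and is rotated.
    KEY = b"example-key-do-not-use-in-production"
    masked_customers, masked_orders = mask_tables(CUSTOMERS, ORDERS, KEY)
    same_join = join_orders_to_customers(CUSTOMERS, ORDERS) == join_orders_to_customers(
        masked_customers, masked_orders
    )
    print("referential integrity preserved:", same_join)
    print("masked customer row:", masked_customers[0])
```

Two caveats a practitioner should keep in mind. First, deterministic tokens preserve linkability by design; that is what keeps the join working, but it also means frequency analysis is still possible on the masked column. Second, under the GDPR pseudonymised data is still personal data for whoever can reach the key, so the key must be held separately from the masked dataset and the masked copy should not be treated as anonymous.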