Steps for implementing GDPR

The implementation of the General Data Protection Regulation (GDPR) is a major challenge for all companies that collect, process or store personal data of EU citizens. The GDPR entered into force on May 25, 2018 and brought new obligations for companies to protect personal data.

To comply with GDPR, companies need to identify their pain points in protecting personal data and analyze how they collect, process and store this data.

  • Identify the company’s personal data protection pain points – gap analysis or GDPR compliance assessment.
  • Analyze how the company collects, processes and stores customer and employee personal data.
  • Appoint a Data Protection Officer (DPO) to ensure GDPR implementation and compliance, if applicable.
  • Assess and understand the legal obligations under GDPR and their impact on the company.
  • Assess and review existing policies and practices for the protection of personal data.
  • Train employees on GDPR and their role in its implementation.
  • Identify and understand the sources of personal data and the purposes for which it is used.
  • Assess the necessity and legality of collecting, processing and storing personal data.
  • Implement a system for managing consent to the collection and processing of personal data.
  • Set up procedures for handling requests for data access, rectification, deletion and portability.
  • Implement security measures to protect personal data, including encryption and backup.
  • Assess and understand the obligations to notify security incidents involving personal data.
  • Assess and understand the Data Protection Impact Assessment (DPIA) obligations for certain activities presenting high risks to the rights and freedoms of individuals.
  • Develop and implement an action plan to rectify non-compliances discovered during the implementation process.
  • Assess and understand the obligations for reporting to the supervisory authority and notifying customers of security incidents.