Tomáš Mičo, ESET Senior Data Protection and Licencing Lawyer, suggests five important points to focus on when considering your organisation's GDPR compliance.
GDPR is about to change the way we think about personal data processing as well as the protection of data subjects' rights. It is not easy to pick just five important checks, but the following are good to focus on:
- Principles Check. A comprehensive analysis and subsequent validation are required for the principles stipulated by GDPR, which are the most important part of GDPR compliance. Lawfulness, together with fairness and transparency, purpose and storage limitation, data minimisation, accuracy, and integrity with confidentiality must be present at every stage of data processing.
- Accountability Check. Once all principles are embedded into data processing activities, the ability to demonstrate compliance will be checked. The controller has to be able to provide solid evidence to support its claim of compliance during an investigation by a Supervisory Authority.
- Appointment of Data Processor Check. All pre-existing contracts with data processors have to be revised and amended to ensure compliance with the requirements of GDPR.
- Data Subject's Rights Check. The controller should prepare and test the worst-case scenario of a data subject's request, to be sure that an appropriate answer can be given within the period required by GDPR.
- Data Protection Officer Check. Where a data controller has a legal obligation to appoint a DPO, the selection process should already have been finished (or at least started).
Do you have any GDPR advice to share? Let us know on Twitter @ESETUK.