reflexblue has developed a unique four-point approach to prepare for the introduction of the GDPR in May 2018. This approach can be adopted by other businesses as a basis for GDPR preparation.
The first step to GDPR readiness is to EDUCATE.
- Companies should arrange an initial briefing to ensure that all staff are aware of the new regulations and how they affect the work of their company as a whole and the individual responsibilities that they hold.
- Companies should continuously circulate reminders and expanded information about the GDPR to staff to ensure that the importance of the new regulations is stressed.
The second step is to COMMIT.
- This is to publicly express a company’s commitment to ensuring full GDPR compliance. Companies should outline, in a written statement that can be accessed by all stakeholders such as business partners and customers, the measures that are being taken to ensure the rights of citizens are being addressed and are guaranteed to be complied with by the organisation.
The third step is to DEVISE.
- Here, companies must analyse where the personal data they use comes from, through an institutional self-assessment of all data that is held.
- From here, tailored frameworks and procedures should be developed that are specific to a company’s operations.
- These processes must be rigorous and constantly compared back to the legislation to ensure all bases are covered adequately.
The final step is to IMPLEMENT.
- Companies should begin implementing the frameworks and procedures they have developed WELL BEFORE the actual introduction of the GDPR in May 2018.
- Beginning implementation early in 2018 gives adequate time for any potential drawbacks or teething problems with the procedures to be identified and addressed, and for the procedures to be updated, to ensure everything runs smoothly when the legislation actually comes into force.