You’d have to be living under a rock lately to not have heard of GDPR. The media has been warning businesses and organizations for some time, and email inboxes have been filling up with updated privacy policies. So, having a 2018 GDPR checklist is essential to getting your organization ready and compliant.
But understanding all the lengthy articles and legal jargon can be overwhelming. What exactly do you need to concentrate on when getting your organization ready?
First, let’s make sure we understand what GDPR is and why it’s important. Then we’ll go through the checklist you need to have to give you the GDPR confidence your company deserves.
Understanding What GDPR Is
GDPR, also known as the General Data Protection Regulation, is legislation regulating the collection, storage, and processing of personal information on clients, customers, suppliers, and other business partners who are located in an EU country.
Any company working within the EU needs to be compliant. If your company is located outside the EU but still does business with EU residents, it should also be compliant. Anyone found violating GDPR is subject to fines up to a whopping EUR20 million or 4% of the company’s global revenues.
Your 2018 GDPR Checklist
Now that you understand how important it is to get your business GDPR ready, let’s go through a quick checklist of what you should be paying attention to when it comes to being compliant.
Map and Audit Data Flow
Know where all of your data is stored, and keep an inventory of all the devices connected to your network. This will help you create processes to keep your clients’ data protected.
Identify Third-Party Processors
Appoint a Data Protection Officer
Assign someone in your business to be the Data Protection Officer. This person will be responsible for maintaining standards and reporting any requests and breaches to the proper authorities.
Adapt Privacy and Cookie Policies
Update privacy policies, using transparent wording, to let your clients know how their data is collected and used, and how they can request changes if needed.
Identify at What Stages Personal Data Is Accessed
Knowing where client data is accessed throughout shipment or service fulfillment processes will help you know where to update any data that a client has asked to be altered or deleted.
Update employee and physician handbooks, train all associates on how to follow the GDPR policies, and educate them on what to do if there’s a breach.
Identify the reporting authority so you know the proper channels of communication and the procedures to follow if there should be a data breach. You have 72 hours after the breach has been identified to report it to the authorities.
Now That You Know, Let’s Get Compliant
Using this 2018 GDPR checklist will either confirm that you took the necessary steps to meet the May 25th deadline or give you the knowledge of how to quickly catch up. Being sure your patient data is safe and secure will give peace of mind not only to them but to you as well.