Is your company GDPR-compliant?
It’s not optional. And it’s not something you want to get caught out red-handed on.
The maximum fine for non-compliance is €20 million or 4% of worldwide annual turnover, whichever is higher. And the EU is stepping up its game: in Q3 of 2021, the total fines issued amounted to nearly €1 billion.
That’s 20 times the total of the first two quarters.
Read this GDPR compliance checklist to find out how to stay on the right side of the regulators.
GDPR: The EU’s Data Protection Regulation
Adopted in 2016 and enforceable since 25 May 2018, the General Data Protection Regulation (GDPR) is a sweeping mandate on the protection of personal data.
It sets out strict rules for any organization, wherever it is based, that processes the personal data of people in the EU, which includes every website and online service that serves them.
Personal Data Under GDPR
The explosion of tracking cookies and personal data breaches over recent years is why the EU now takes data protection so seriously.
Under GDPR, organizations must abide by two overarching terms:
- Personal data must be safeguarded
- The privacy rights of individuals in the EU must be upheld
Every organization that handles the personal data of people in the EU must comply with GDPR, or face harsh penalties. There are seven processing principles to abide by (lawfulness, fairness and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; accountability) and eight privacy rights that must be assured.
The privacy rights of individuals (the "data subjects") are:
- Right to be informed
- Right of access
- Right to rectification
- Right to data erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights regarding profiling and automated decision making
A Simple GDPR Compliance Checklist
There are a lot of rules and regulations to abide by – but they can be broken down into the following points. Look no further if you’re wondering how to be GDPR compliant.
Create a Data Registry
You need to know what personal data you’re collecting to be compliant. GDPR calls this a record of processing activities, and it must contain at least the following information for each kind of processing you do:
- Which categories of people and personal data you hold (e.g. customers’ full names and contact information)
- Reason for data collection (e.g. marketing)
- Method of data processing, and who the data is shared with
- Proof of consent to collect the data (or the other lawful basis you rely on)
- Whether the data is special-category (e.g. health or biometric data) or ordinary personal data. A name or an e-mail address is ordinary personal data; it is the special categories that demand extra safeguards.
Be Transparent About Data Collection
There’s no sense in trying to hide your intentions. That comes off as dishonest to your customers and gets you in trouble with regulators.
Customers need to know when they’re sharing data with you – before you’ve begun collecting it.
For example, a checkbox allowing you to send promotional offers via email must do two things:
- It must state that it is optional and not be bundled with terms the customer has to accept anyway, and
- It must not be pre-checked (customers must actively opt in; a pre-ticked box does not count as consent)
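The two checklist items above (a registry with proof of consent, and opt-in consent that rejects pre-ticked boxes) are easiest to get right if consent is stored as an append-only log rather than a single flag. The following is an added example written for this article, not code from the article or from any vendor; the field names, purpose strings and category labels are assumptions chosen to illustrate the points, and the sample subject is constructed. It also shows the registry answering the access/portability and erasure rights listed earlier.

```python
"""Constructed example: a minimal data registry with auditable consent records.

Not the article's code and not a vendor product. Purpose strings, category
labels and the sample subject are assumptions made for illustration only.
"""
from dataclasses import dataclass, field, asdict
from datetime import datetime, timezone
import json

# GDPR Article 9 special categories need extra safeguards. A plain name or
# e-mail address is ordinary personal data and is NOT in this set.
SPECIAL_CATEGORIES = {"health", "biometric", "genetic", "ethnic_origin",
                      "political_opinion", "religion", "trade_union",
                      "sex_life", "sexual_orientation"}


@dataclass
class ConsentEvent:
    purpose: str          # what the person agreed to, e.g. "marketing_email"
    granted: bool         # True = opt-in, False = withdrawal
    recorded_at: str      # ISO 8601 UTC timestamp: the "proof" part
    notice_version: str   # version of the wording shown when consent was given
    source: str           # where it was captured, e.g. "signup_form"


@dataclass
class SubjectEntry:
    subject_id: str
    data_categories: dict                                # field name -> category label
    consent_log: list = field(default_factory=list)      # append-only history


class DataRegistry:
    """One entry per data subject; answers the checklist questions."""

    def __init__(self):
        self._entries = {}

    def register(self, subject_id, data_categories):
        entry = SubjectEntry(subject_id, dict(data_categories))
        self._entries[subject_id] = entry
        return entry

    def record_consent(self, subject_id, purpose, checked, default_checked,
                       notice_version, source):
        """Log an opt-in. A pre-ticked box is rejected outright, even if the
        customer left it ticked, because consent must be an affirmative act."""
        if default_checked:
            raise ValueError("pre-ticked box: not a valid affirmative act")
        if not checked:
            return False          # no consent given, nothing granted to log
        self._append(subject_id, purpose, True, notice_version, source)
        return True

    def withdraw(self, subject_id, purpose, source):
        """Right to object / withdraw: append a revocation, never delete history."""
        self._append(subject_id, purpose, False, "n/a", source)

    def _append(self, subject_id, purpose, granted, notice_version, source):
        stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
        self._entries[subject_id].consent_log.append(
            ConsentEvent(purpose, granted, stamp, notice_version, source))

    def is_permitted(self, subject_id, purpose):
        """The latest event for a purpose decides; no event means no consent."""
        entry = self._entries.get(subject_id)
        if entry is None:
            return False
        for event in reversed(entry.consent_log):
            if event.purpose == purpose:
                return event.granted
        return False

    def holds_special_category(self, subject_id):
        cats = self._entries[subject_id].data_categories.values()
        return any(c in SPECIAL_CATEGORIES for c in cats)

    def export_subject(self, subject_id):
        """Right of access / portability: a machine-readable copy of the entry."""
        return asdict(self._entries[subject_id])

    def erase(self, subject_id):
        """Right to erasure. Returns False if there was nothing to delete."""
        return self._entries.pop(subject_id, None) is not None


if __name__ == "__main__":
    reg = DataRegistry()
    # Constructed sample subject: one ordinary field, one special-category field.
    reg.register("subj-42", {"email": "contact", "blood_type": "health"})
    reg.record_consent("subj-42", "marketing_email", checked=True,
                       default_checked=False, notice_version="2021-09",
                       source="signup_form")
    print(json.dumps(reg.export_subject("subj-42"), indent=2))
    reg.withdraw("subj-42", "marketing_email", source="preferences_page")
    print("may email:", reg.is_permitted("subj-42", "marketing_email"))
```

Because every grant and withdrawal is appended with its timestamp, notice version and source, the registry can show a regulator exactly what the customer saw and when they agreed, and `is_permitted` always reflects the most recent decision.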
Appoint a Data Protection Officer Where Required
GDPR does not require a dedicated "data erasure specialist", but it does require you to appoint a Data Protection Officer (DPO) when your core activities involve large-scale regular and systematic monitoring of individuals, or large-scale processing of special-category data. Public authorities must appoint one regardless of scale.
Unfortunately, what constitutes "large scale" isn’t defined in the regulation itself. It’s best to err on the side of caution, and a specialist service provider like Certus can handle the secure erasure of data you no longer have a lawful basis to keep.
Avoid Unnecessary Fines
The European Union takes data protection seriously. And the penalties for non-compliance are steep. Follow what we’ve set out in this GDPR compliance checklist to stay above board.