GDPR will set a high bar for global privacy rights and compliance. Getting ready and compliant with the regulation is no simple task. Make sure you won`t miss the GDPR train by evaluating your process with this timetable.
The most important date that defines GDPR is May 25th, 2018. That is the date the EU General Data Protection Regulation enters into force. That`s when every organisation needs to be in compliance with GDPR.
You should start your compliance efforts now, if you haven’t already. It is never too early to review your organization’s data privacy and security practices.
Here is a suggested timetable you could follow in your GDPR process.
The GDPR will affect all organizations established in the EU, and all organizations involved in processing personal data of EU citizens. That means it has board implications all over the world. Here are some of the first tasks that you should take care of as soon as possible:
1. Complete your information audit.
2. Review your data security and storage policies.
3. Form a team to handle your GDPR compliance process.
4. Start raising awareness of GDPR.
5. Make sure that your marketing team understands the implications that GDPR will have so they can start planning alternatives for email or SMS marketing.
6. Talk to your partners and make sure you are in the same ballpark regarding GDPR compliance.
When you have successfully accomplished the tasks above, you should start taking these steps to get closer of GDPR compliance:
1. Start proceedings that will make your privacy policies and statements GDPR compliant.
2. You need to write down policies and procedures on how your staff needs to handle data rights requests and security breaches.
4. Get permission from your existing database that will allow you to contact them after 25th of May 2018.
5. Start training your staff.
1. By now you should have trained your staff in the policies and procedures to deal with data requests or breaches so they're clear on what to do if such an event occurs.
2. Begin to re-engage your subscribers to build a database that has provable consent that individuals have opted in to receive messages from you.
1. Put in place all systems and processes that you need in becoming GDPR compliant.
2. Complete your initial database re-engagement activity, with a final push warning those who do not confirm their consent will not receive any further communication.
GDPR can be complicated. Contact our experts if there is anything that troubles you with GDPR.