The General Data Protection Regulation (GDPR) becomes effective in the European Union. Here are the top eight tips to prepare your software company for GDPR:
- Raise Awareness: Make it your responsibility to raise awareness among your peer groups, across the company, and with board-level associates.
- Identify what data the company retains: Document what personal data is stored. Identify where it came from, the reasons why it is stored, and create a yes/no checklist as to whether it is necessary to store it.
- Remove unused personal data: On all software systems and databases, delete any personal data that is no longer required for regulatory or historical reasons.
- Create a GDPR responsibility framework: Create an organizational chart showing which role, or third party where applicable, is responsible for each element of GDPR.
- Update security data policies and procedures: One of the most important aspects of GDPR is that policies and procedures must be easily accessible and must also be easy to understand.
- Make sure that GDPR becomes part of every person's way of working: GDPR should be a normal part of daily working life, just like getting up and going to the office.
- Prepare for a data breach: The fines for a data breach are huge—up to 20 million euro or four percent of global turnover of the company.
- Know the rights that people have and prepare to be challenged: The company owner and board are responsible for demonstrating why data storage and processing are needed and for ensuring the data's integrity.