General Data Protection Regulation
GDPR is a European law that strengthens human privacy. The GDPR legislation elaborates on Belgium’s privacy law. In this law you will also find a lot of important information related to the use and storage of citizens’ data. How can you make your company GDPR compliant?
1. Information
Make sure everyone in your company is aware of what the GDPR entails. Ideally, you should appoint an outside DPO who can help you.
2. Database
Make sure you have everything in … Ask yourself a few questions:
- What data do I have?
- Where did that data come from?
- Who processes this data?
- …
3. Privacy Statement
According to GDPR legislation, your company must have a privacy statement that covers the following points:
- Data processing
- Term: How long do you keep the information?
- Is your data held outside the EU?
- …
4. Disclose all rights of data subjects
List all user rights: information and access to personal data, correction and deletion of data, …
5. Update of data
You must respond to requests for access to the data free of charge and within 30 days. To be able to deny unfounded requests, you have to change your procedures.
6. Document procedures
All data being processed must be tracked, the legal basis must be determined, and all of this must then be documented. Should you have problems in the future, you will have kept good records of this, so you have a legal basis.
7. Data breach action plan
Personal data breaches must be reported within 72 hours, and you also need a procedure that detects, reports and investigates data breaches.
8. Appoint a data protection officer to
Appoint a data protection officer within your company and determine what place this person will occupy within your corporate structure. You can also opt for an external DPO.
Preventing fines
Getting all of this in order will take some time. There is a lot involved in making your company GDPR-proof. Failure to comply with these rules risks fines.