GDPR: first steps to compliancy

Expert Opinion

By Sandeep Mendiratta, MD, Acrotrend

The General Data Protection Regulation (GDPR) will come into effect on 25 May 2018 and constitutes the biggest change to the data protection regime in the EU since the 1995 Data Protection Directive. It will change how we arrange, market, attend and follow up events.

Any organisation collecting and processing data on European citizens falls under the new regulation. Event companies hosting events in Europe or with events hosting European citizens, regardless of where they are taking place, will need to adhere to the GDPR.

The journey to become GDPR compliant is a daunting one for many businesses, but much like working toward your driving test, GDPR requires taking a systematic and informed approach. The more training and preparation you put in for your driving test, the more confident you feel on the day. The same can be said of GDPR: the more work you put in ahead of the GDPR deadline day, the more confident you will feel in handling the required changes.

At Acrotrend we work with businesses to help them on their way to becoming GDPR compliant. We’ve put together some top tips to help you start your journey.

Form a focus group: Don’t ignore GDPR, as it won’t go away, and leaving your preparation to the last minute means you will pay more at the end. Start talking. Invite your stakeholders to a GDPR meeting and identify a focus group that will work towards making your company compliant.

Compile a list of questions: GDPR brings in many fundamental changes to how companies collect, store and utilise customer data, so it’s important to understand the areas GDPR affects and the impact it may have on them. Compile a list of questions from various departments. Engaging a certified GDPR consultant who is knowledgeable in this area and has a background in dealing with data protection and/or digital strategies is worth considering.

Document your personal data: GDPR requires businesses to maintain records of the personal data they hold, where it came from and who they share it with. A good place to start your GDPR journey is to document your personal data, which may require you to organise an information audit across your organisation. Going forward, having an effective policy and procedure in place to log personal data will ensure compliance with the data protection principles.

The rest of the action plan can be created based on these steps to build a proper business case and allocate realistic budgets to GDPR compliance.
