The internet has made it possible for anyone to do business anywhere in the world. It doesn't matter if you sell homemade soap with a WordPress site or multimillion-dollar services to the government: if your enterprise uses the internet, it is a global business. And as a global business, there’s a whole host of rules and red tape regarding how you need to keep your customers' data safe!
Ask yourself these questions:
- Should I be worried about GDPR?
- What if I ignore GDPR?
- How do I know if it's relevant to me?
GDPR hype and news seem to be everywhere, and keeping up to date with what is relevant and what isn’t can be difficult even for the largest and most sophisticated organizations. But there are some easy steps that you can take to see if GDPR is something you should concern yourself with. Emagined offers a helpful set of tools that will assess your enterprise's readiness to comply with the provisions of the GDPR. If that seems too much too soon, then Microsoft has a publicly distributed Excel file that we can send you as a quick self-analysis.
The law has gone into effect and you need to know if you’re ready for it.
If you're "pretty sure" GDPR applies to you, then ask yourself:
- What PII do we collect and/or store?
- Are we transferring the personal data outside the EU, and if so, do we have adequate protections in place?
- Have we obtained it fairly? Do we have the necessary consents required, and were the data subjects informed of the specific purpose for which we’ll use their data? Were we clear and unambiguous about that purpose, and were they informed of their right to withdraw consent at any time?
- Are we collecting or processing any special categories of personal data, such as ‘Sensitive Personal Data’, children’s data, or biometric or genetic data, and if so, are we meeting the standards to collect, process and store it?
- Are we keeping it up to date and ensuring we aren’t holding it for any longer than is necessary?
- Are we keeping it safe and secure using a level of security appropriate to the risk? For example, will encryption be required to protect the personal data we hold? Are we limiting access to ensure it is only being used for its intended purpose?