Are you GDPR ready? There is only one month until GDPR comes into force!
Data has been much talked about across the media recently with GDPR being top of the agenda of many global companies. Are your policies, contracts and terms and conditions compliant with GDPR regulations? Here are some initial small steps we suggest you take ASAP.
We recently provided information on GDPR on our blog here. Since then we have assisted a number of clients in Asia Pacific with GDPR readiness. But we are aware there are a number of companies out there who still haven't taken the important initial steps. Much of this could be down to not being aware of whether and how it applies to you. Otherwise, you may have been scared away by the scale, and therefore the potential fees, charged by large firms – consulting, legal, accounting or otherwise.
There are options available to take small steps towards becoming GDPR compliant, depending on your risk profile and budget:
- Basic – do the bare minimum and hope that it will suffice (risk factor: high - but arguably better than doing nothing)
- Medium – at least do a high level audit and analysis and take some remediation steps (risk factor: medium, but still not fully compliant)
- Full – detailed audit and full analysis and remediation (risk factor: low, but costly depending on your business – and running out of time!)
A quick recap on GDPR
On 25 May 2018 (only 4 weeks away) we will see the European General Data Protection Regulation (GDPR) come into force. The purpose of the GDPR is to protect natural persons and their personal data when such data are being collected and processed by companies. The GDPR will apply in the EU, as well as internationally, if a company is located within the EU; offers goods or services (for a payment or for free) to data subjects located within the EU; or otherwise monitors the behaviour of individuals located within the EU.
As well as significant reputational damage for getting this wrong, penalties for breach include fines of up to 4% of annual company group worldwide turnover or EUR 20 million – whichever is higher. So this needs to be taken seriously!
What are some of the key questions companies should be asking?
- Do the new GDPR obligations apply to my business? (see above)
- What are the new GDPR obligations? How will they affect my business?
- What minimum steps should we take to prepare for the changes required?
What do I need to do to ensure compliance?
- It’s very late so you need to start now!
- Be aware - compliance with GDPR regulations may require significant changes to processes, technology and operational structures ahead of the compliance deadline.
- To start, adopting a basic approach with a plan for a more comprehensive programme will be better than doing nothing at all.
Where do I start?
- Understand what data you have, where it is from and where it is being used;
- identify whether GDPR impacts your business;
- if so, identify if you’re currently compliant (gap analysis); and
- then identify changes needed to achieve compliance (implementation & remediation).
How can KorumLegal help?
KorumLegal can provide Legal Consultants to assist with the following:
- Conduct a GAP analysis of existing systems, processes, data flows, suppliers, customers and contracts
- Identify remediation steps needed to ensure compliance
- Provide tools, policies, and playbooks to achieve GDPR compliance
- Provide training and awareness on data privacy to meet core GDPR requirements
- Provide flexible legal support for in-house or remote project support
- Utilise our community of experienced legal consultants, legal project managers, technology partners and networks to provide an integrated solution
- We will combine our People, Process and Technology solutions to support you and your organisation.
Get in touch with us here to find out how you can get started.
For more information on GDPR readiness, see resources below:
Titus is the founder of KorumLegal. He has a keen interest in technology and innovation.