GDPR Compliance

Lasya Pamidi

GDPR
Legal
Privacy Policy
Website Policies
Last updated on April 30th, 2021

GDPR compliance means ensuring data is collected legally, informing users of how it is treated and also keeping data secure. GDPR gives its protected users and EU residents more rights and also control over how their data will be processed.

Steps to Ensure GDPR Compliance

  1. Understand the General Data Protection Regulation

    It is a regulation that unifies data protection laws across all member states of the European Union (EU), including Ireland, Liechtenstein, Norway, and Switzerland. Some of the important clauses are as follows:
    Art. 5: Principles relating to the processing of personal data
    Art. 6: Lawful bases for processing personal data
    Art. 12 to 22: Rights of the data subject
    Art. 25 and 32: Companies must implement the necessary technical and organizational measures to protect the personal data of the data subject

  2. Effective Data Mapping

    You must understand how data moves through your organization. Documenting how information flows in your company by keeping an inventory of it helps you demonstrate that you comply.

  3. Privacy Policy and Terms and Conditions

    Review and update your current Privacy Policy and Terms and Conditions of use. This is the first place people will look to check for GDPR compliance. It must be concise, transparent, and easily accessible. You must communicate to your users the legal basis for processing their data, the data retention period, and their rights, among other applicable clauses.

  4. Training all Company Personnel

    All persons associated with your company need to understand the importance of data protection. Basic training on the principles of the GDPR and on the procedures for compliance must be provided to them.

  5. Report all Data Breaches

    You should ensure you have the right procedures in place to detect, report, and investigate both internal and external data breaches. You should also review your procedures to ensure they cover all the rights individuals have.

  6. Opt-In Forms

    Forms are the standard way businesses gather information, so you need to adjust all the forms you use to comply with the GDPR. Forms have the potential to collect a lot of personal data, so collect only the fields you actually need for processing, and do not keep that data for longer than absolutely required.

  7. Obtain Cookie Consent

    You must obtain clear, specific consent from users before placing cookies and tracking them. This can be implemented with a popup on a user’s first visit that lets the user consent to or decline cookie use.
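    The following is an added example, not code from the original article, of how such a consent popup can be gated so that no non-essential cookie or tracker runs until the visitor has made an explicit choice. The cookie name `cookie_consent`, the 180-day re-consent period, and the analytics script URL are assumptions for illustration. The decision logic is kept in plain functions so it can be checked without a browser; the banner wiring at the bottom runs only where a `document` exists.

```javascript
// Added example (not from the article): a consent gate for non-essential cookies.
// Non-essential trackers load only after an explicit, current "granted" decision,
// and the decision itself is stored in one first-party cookie with a timestamp.
const CONSENT_COOKIE = "cookie_consent";   // assumed cookie name
const CONSENT_MAX_AGE_DAYS = 180;          // assumed period after which consent is re-asked

// Parse a document.cookie-style string ("a=1; b=2") into a name -> value map.
function parseCookies(cookieString) {
  const out = {};
  for (const part of cookieString.split(";")) {
    const idx = part.indexOf("=");
    if (idx === -1) continue;
    const name = part.slice(0, idx).trim();
    const value = part.slice(idx + 1).trim();
    if (name) out[name] = decodeURIComponent(value);
  }
  return out;
}

// Read the stored decision. Returns null when no valid decision exists, which is
// the state in which the banner must be shown and no tracker may run.
function readConsent(cookieString, now = Date.now()) {
  const raw = parseCookies(cookieString)[CONSENT_COOKIE];
  if (!raw) return null;
  let record;
  try { record = JSON.parse(raw); } catch { return null; }
  if (typeof record !== "object" || record === null) return null;
  if (!["granted", "denied"].includes(record.analytics)) return null;
  // A stale or malformed timestamp is treated as "no decision" so the visitor is asked again.
  const ageMs = now - Number(record.ts);
  if (!Number.isFinite(ageMs) || ageMs < 0 || ageMs > CONSENT_MAX_AGE_DAYS * 86400e3) return null;
  return record;
}

// Build the cookie value that records a decision ("granted" or "denied").
function buildConsentCookie(analytics, now = Date.now()) {
  const record = JSON.stringify({ analytics, ts: now, version: 1 });
  return `${CONSENT_COOKIE}=${encodeURIComponent(record)}; Max-Age=${CONSENT_MAX_AGE_DAYS * 86400}; Path=/; SameSite=Lax; Secure`;
}

// The gate: analytics may run only on an explicit and still-current "granted" decision.
function mayLoadAnalytics(cookieString, now = Date.now()) {
  const c = readConsent(cookieString, now);
  return c !== null && c.analytics === "granted";
}

// Inject the tracker only after the gate has passed (URL is a placeholder).
function loadAnalytics(doc) {
  const s = doc.createElement("script");
  s.src = "https://analytics.example/tag.js";
  doc.head.appendChild(s);
}

// Browser wiring: show the banner only when there is no valid decision yet.
function initConsentBanner(doc) {
  if (mayLoadAnalytics(doc.cookie)) { loadAnalytics(doc); return; }
  if (readConsent(doc.cookie) !== null) return; // declined and still valid: no banner, no tracker
  const banner = doc.createElement("div");
  banner.textContent = "We use analytics cookies. ";
  for (const [label, choice] of [["Accept", "granted"], ["Decline", "denied"]]) {
    const btn = doc.createElement("button");
    btn.textContent = label;
    btn.addEventListener("click", () => {
      doc.cookie = buildConsentCookie(choice);
      banner.remove();
      if (choice === "granted") loadAnalytics(doc);
    });
    banner.appendChild(btn);
  }
  doc.body.appendChild(banner);
}

if (typeof document !== "undefined") initConsentBanner(document);
```

    Two design points matter here: a "denied" choice is stored as deliberately as a "granted" one, so the visitor is not nagged on every page view, and an expired, missing, or unparseable record always falls back to "no tracker and ask again" rather than to tracking by default.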

  8. Consensual Data Transfer and Disclosure

    Make sure that your data processors ask for your users’ approval whenever they intend to transfer data outside the EU/EEA.

  9. Data Protection Impact Assessments (DPIAs)

    Any company that engages in high-risk data activities, such as processing special categories of personal data (like biometric or genetic data), must complete a Data Protection Impact Assessment (DPIA).

  10. Legitimate Interests Assessments (LIAs)

    An “interest” is considered to be “legitimate” as long as the data controller can pursue this interest in a way that complies with data protection and other laws.

  11. Data Protection Officers

    The GDPR requires some organizations to designate a Data Protection Officer (DPO). A DPO is an employee within your organization who is responsible for understanding the GDPR and ensuring your organization’s compliance. The DPO is therefore the main point of contact for the data protection authority. Typically, the DPO has knowledge of both information technology and law.

  12. Processing Children’s Data

    If your organization processes data from underage subjects, you must also ensure that you have adequate systems in place to verify individuals’ ages and to gather consent from their guardians.

  13. Monitor and Audit

    Keep your data protected from unauthorized access, accurate and up to date, and delete it once its retention period has passed. Additionally, limit the data you collect and store through form submissions, and clean up your mailing lists.

GDPR Compliant Privacy Policy Template
Download GDPR Compliant Privacy Policy Template for your website

FAQs

What constitutes a breach of the GDPR?

Any unlawful or accidental security event that compromises a user’s personal data constitutes a breach under the GDPR. GDPR Article 4 defines a personal data breach as an incident in which data is destroyed, lost, altered, or disclosed to a third party.

What is the fine for a GDPR breach?

The fine for a GDPR breach is €20 million ($24 million) or 4% of annual global turnover, whichever is higher.

Do I need to have a GDPR-compliant Privacy Policy?

If you fall under the jurisdiction of the GDPR, you must have a GDPR-compliant Privacy Policy. The GDPR applies to you if you are located in the EU, offer goods or services to individuals located in the EU, or monitor the behavior of individuals located in the EU.

A Privacy Policy is not only the legally required document for disclosing your practices on protecting personal information; it is also a good way to show users that you can be trusted and that you have procedures in place to handle their personal information with care.