
How to get ready for GDPR?

23.10.2017

You have only until 25 May 2018 to implement GDPR in your firm. Use this time wisely to avoid heavy fines. Time is scarce, so plan the next steps carefully to make sure you have enough time to take all necessary actions.


1.    Increase awareness in your firm that changes are on the horizon
Make sure that decision makers understand what the coming changes involve and what the consequences of non-compliance with GDPR are. Organize training for the heads of departments in your firm. Make them aware that the obligation to implement GDPR concerns everyone who deals with personal data on a daily basis.
2.    Analyse processes which involve personal data processing
This is the right time to carry out an audit of policies, define the processes which involve personal data processing in the firm, and meet and talk with team leaders.
3.    Verify on what legal basis you collect and process personal data
Meet the persons who supervise the collection of the respective categories of data. Pay a visit to HR, Marketing, Sales and the IT director. Jointly determine what the objective of collecting personal data is, where the data are stored and who can access them.
Double check:
•    What kind of data does your firm process?
•    Are the collected data kept up to date?
•    What is the data retention period?
•    Does your firm collect any excess data which are in fact of no use for its business objectives?
•    How are the rights of individuals addressed?
•    What activities involving personal data processing will the firm undertake in the future (new processes, new IT systems)?
4.    Check if you have procedures to enforce the rights of individuals
Update or create a procedure for enforcing the right to access data, the right to amend and delete data, the right to refuse automated decision-making and profiling, and the right to transfer data.
5.    Prepare documentation for processes involving personal data processing
This is the time to draw up policies, procedures and authorizations. The quantity of data your firm is processing will be reflected in the number of processes which you will have to develop at this stage.
6.    Carry out a data protection impact assessment, if required
Determine legal, organizational and IT measures that will reduce the risk of breaches of personal data protection. Consult experts in this field and take note of the supervisory authority’s guidelines.
7.    Review data entrustment agreements for compliance with GDPR and amend them, if needed
Check if the services your firm is providing require new entrustment agreements to be drafted. If so, make sure they are signed.
8.    Check if IT systems comply with GDPR requirements
Carry out appropriate penetration tests and make sure that data stored in IT systems comply with the requirements of data protection by design and by default.
9.    When you finish, begin anew…
Remember that preparing for GDPR is a never-ending process. Now, you have to make sure that any new data will be stored in line with principles introduced by GDPR.


It is worth paying special attention to preparing your firm for GDPR. A fine of as much as EUR 20 million is at stake for non-compliance with the new regulations.

 


TGC Corporate Lawyers

ul. Hrubieszowska 2
01-209 Warszawa
✆: +48 22 295 3200
