What does a compliant company look like?

A company that is GDPR compliant regularly trains all its staff. Firstly, the employees should be “in the know” with a general presentation (and a list confirmation). Than the company conducts training and refresher sessions on a regular basis, as mentioned in their training policy. It incorporates data protection training into its process for onboarding new employees and when retaining contractors. A compliant company does not simply train its staff and then forget about data protection compliance – it embeds data protection compliance into company culture so that protecting personal information becomes second nature.

Appoint the persons responsible

It is important to identify who, within your organisation, is responsible for privacy compliance and who else is involved:

– individuals who are authorised to decide on important matters on behalf of the organisation
– individuals who know about law, technology and data processing within an organisation
– people who recognise the importance of privacy compliance.