GDPR enforcement: the check-list

GDPR enforcement: the implementation of the European General Data Protection Regulation (GDPR) can be complex and demanding. During implementation, it is important to understand whether your plan is going in the right direction or not. Let’s look at the main steps in implementing the GDPR that your project must include.



Step 1 – Awareness

Employees should be ‘in the know’: you have to inform and train your employees. Start with a simple presentation: the GDPR employees presentation.

Then you have to deal with the Data Protection Officer: the DPO. Who is your DPO? Do you want to find a new person? You need the DPO job description.

Step 2 – Preparation

To enforce the GDPR, the second milestone is the preparation of your company. The most important point is to fill in the data inventory map.

Then, don’t forget to create your different security policies: read this article. After that, you have to have a discussion with your stakeholders: update your contract and create the data subject access request policy.

Step 3 – Implementation

The last milestone for the enforcement is the implementation. You have to be aware of the rights of data subjects. You have to implement the DPIA process, but when is there a need for a DPIA? For sure, it depends on the risk. Read here.

The last point is the data breach: you have to register it, report it and have a plan.

Enforcement of GDPR

The implications of the GDPR will most likely have effects on all departments in your company, so it’s best to tackle the issue all together and create a unified strategy. Make sure you take into consideration all the data that your company collects and try to understand where it is stored. It is important to know how this data moves within your company and who has access to it. Furthermore, you must be sure that you have obtained specific consent for the use of this data. Tacit consent, pre-selected boxes or user failure to act are not sufficient. Furthermore, appointed controllers will verify that the data is used transparently and for a specific purpose.