Our road to GDPR compliance began a full year before GDPR’s effective date of May 25th, 2018. Our first step was to involve an external legal agency to help conduct an audit and outline the areas that needed to be addressed.
Since then, here’s what we have accomplished:
- Data Mapping Exercises: We conducted interviews with each department and the personnel involved to map out all areas of the organization and understand the flow of personal data.
- GDPR Core Team: We established a Core Team, whose goal was to meet on a weekly basis to review requirements and progress and to ensure that the required changes were prioritized and completed before May 25th.
- Legal Agreements: We reviewed all of the vendors we work with, current legal agreements, and introduced revised agreements that laid out both parties’ specific obligations under the GDPR.
- Training: We held an organization-wide training session and set up a training program to help our employees understand what GDPR is and what their roles are to help ensure compliance on a daily basis.
- Documentation: We updated our Privacy Policy and set up both Records of Processing (as per GDPR’s Article 30) and Data Privacy Impact Assessments (DPIAs).
- Process Changes: We have established processes for data breaches and for handling Subject Access Requests, and set up procedures to ensure compliance on an ongoing basis.
For more information on how we’ve prepared for the GDPR, here are a few links that we encourage you to review:
And if you have any questions, please reach out to our Support Team: support@q4inc.com