“We are committed to our customers’ success, including compliance with the GDPR.”
- Obtain executive support for necessary staff resources and financial investments
- Choose someone to lead the effort in becoming GDPR-compliant
- Build a steering committee of key functional leaders
- Identify privacy champions throughout the organization
- Identify all the systems where the organization stores personal data, and create a data inventory
- Create a register of data processing activities and carry out a privacy impact assessment for each high-risk activity
- Document compliance
- Implement controls to limit the organization’s use of data to the purposes for which it collected the data
- Establish mechanisms to manage data subject consent preferences
- Implement appropriate administrative, physical, and technological security measures and processes to detect and respond to security breaches
- Establish procedures for responding to data subject requests for access, rectification, objection, restriction, portability, and deletion (right to be forgotten)
- Enter into contracts with affiliates and vendors that collect or receive personal data
- Establish a privacy impact assessments process
- Administer employee and vendor privacy and security awareness training
- If required, appoint a data protection officer and identify the appropriate EU supervisory authority
- Conduct periodic risk assessments