10 steps organizations should observe for GDPR compliance


There are 10 months to go before the General Data Protection Regulation goes into effect in Europe, and several recent studies find that a majority of organizations are not ready for the data protection rules.

With that in mind, eCommerce systems integrator Tryzens has outlined 10 steps organizations must take in order to mitigate risk in their business and implement GDPR effectively to ensure compliance.

The GDPR is legislation designed to replace the Data Protection Act of 1998 in the UK. It aims to harmonize the approach to protection and privacy of personal data collected and/or about citizens in the EU. While maintaining the values of the free flow of information among its member states, the GDPR also gives individuals more transparency and control over what companies do with their data.

In order to comply with GDPR, Tryzens says organizations should observe the following:

1. Check you have notified the Information Commissioner's Office that you are a data controller (an organization that owns the data). This can be done at www.ico.org.uk.

2. Share information with management and your board on GDPR impact and obligations.

3. Use a data self-assessment survey to identify risk and readiness for GDPR. A good one can be found at https://ico.org.uk/for-organisations/improve-your-practices/data-protection-self-assessment/getting-ready-for-the-gdpr.

4. Update or implement both a formal data protection policy and privacy policy that covers the responsibility to secure data, with legitimate consent and for the sole purpose of lawful processing.

5. Appoint someone responsible for leading, managing, and monitoring GDPR compliance across the business.

6. Prepare for the new law to be enforced by updating internal and relevant supplier processes, auditing personal data held by your business (for customers, prospects, and employees) in order to ensure only relevant data is securely maintained.

7. Update your employee handbooks and train all your staff on GDPR and their obligations and responsibilities to comply with it.

8. Check and/or update your data collection consent wording across your relevant channels.

9. Check customer and supplier contracts, notably in regard to digital service suppliers that are part of your supply chain to provide service to your customers, as they may be data processors but the retailer remains the data controller and must be able to enforce their policies.

10. Check your insurance coverage for compliance with GDPR.

“GDPR will significantly impact how retailers collect and process personal information, be they pureplay etailers or traditional bricks and mortar,” said Andy Burton, CEO of Tryzens. “We have less than 12 months before the deadline and with hypersensitivity in the market to avoid adding any friction to a customer shopping experience (because of the potential impact to sales conversion), I cannot stress enough the importance of ensuring the ecommerce, store, marketing and trading teams fully understand what compliance with GDPR looks like so they can adapt to deliver a positive and seamless customer experience.”
