Whether or not your organization is legally present within the European Union, if it processes EU citizens’ data you should thoroughly study and understand the impact of the GDPR in order to create a compliance action plan.
If you perform cross-border data transfers, make sure you have a legitimate reason to transfer this data to other jurisdictions that may not have adequate data protection regulations.
Perform an assessment of your data protection policies and codes of conduct to make sure they are consistent with the GDPR principles.
Assess your readiness to meet the requirements, and set up a budget for potential changes.
Review your contracts with data controllers/processors as well as their collaboration with subcontractors.
Review the business’ personal data flows and data security, mapping your existing systems.
Implement privacy and security by design.
Review and update your data consent mechanisms.
Establish whether you need to appoint a DPO or not.
Carry out internal GDPR training for your employees.
Set up a compliance accountability procedure that will help you prove, if necessary, that you meet the required standards.
Create written documentation.
Conduct a risk assessment to determine what measures need to be taken.
Develop an incident response plan with clear policies and procedures.
Subscribe to newsletters to stay informed about updates on the Regulation.