Irrespective of its level of compliance with the current data protection law and the kind of processing it carries out, any business subject to the GDPR should start doing the following in order to be compliant when the GDPR becomes applicable in May 2018:
  • becoming aware of its processing activities and making them compliant with data protection principles (a record of processing may be required)
  • implementing or updating procedures and policies in place to ensure compliance of data processing with the GDPR (e.g. compliance check and privacy impact assessment where necessary)
  • getting ready to handle correctly any data protection requests: right of access, data portability, erasure, right to object etc.
  • reviewing and/or entering into contracts with third parties processing personal data on its behalf
  • implementing adequate guarantees when data are sent outside the European Union (e.g. BCR, EU model clauses…)
  • updating or drafting a privacy policy and where necessary obtaining individuals’ consent before processing their information
  • ensuring/checking the security of personal data and getting ready to notify both the supervisory authority and the individuals concerned in case of a data breach.
If you need help, you can see the services page or contact me.

 
