Adapting the General Data Protection Regulation (GDPR) to the Portuguese reality has not been easy. Although the European regulation has been in force since May 25, 2018, many companies still fail to meet all the standards associated with the new legislation. The National Commission of Data Protection has issued fines to defaulters, and it is urgent that companies work to comply with all the obligations set out in the law. In today's article, we present 7 tips for rapid adaptation to GDPR!
The Data Protection Officer (DPO) plays a key role in the transition period from the old law to the new legislation and is essential to ensure that, over time, the company fulfills its legal obligations. The appointment of a DPO is mandatory in the following cases: (1) whenever the processing of the data takes place in a public entity; (2) where there is constant monitoring of people on a large scale; (3) whenever there is large-scale sensitive data processing.
Professional advice is essential if GDPR is to be implemented correctly. The legal adviser will identify the steps already taken and those that are still missing to comply with the GDPR. A needs assessment is very useful if you need to use a partner to make the necessary changes.
A record of personal data processing activities should be kept, as the body responsible for personal data may ask to consult it at any time. It is essential to use a CRM here, for example. Correct data management makes marketing work easier and reduces the likelihood of errors.
Customer service procedures should be prepared to receive all requests under the new law, whether online or offline. It is essential to ensure that the security of citizens' data is not compromised and that the citizen is aware of the purpose for which the company stores the data.
The company must ensure that highly sensitive data is encrypted or masked, so that there is no risk of loss and the company does not fall victim to the heavy fines set out in the new regulation. Datapeers offers a variety of sophisticated scrambling techniques to protect sensitive data, replacing it irreversibly with fictitious but realistic data.
The company must create an internal communication program that involves all areas in this change. The GDPR compliance officer should inform employees and raise their awareness about data privacy and the risks that non-compliance poses to the company.