The Five Essential Elements of Accountability Under the GDPR Every Business Should Know
The General Data Protection Regulation (GDPR), which comes into effect in May 2018 (only six months from now), has been the subject of countless conference discussions, press stories, and company meetings about the challenges of compliance. The GDPR is a lengthy and complex read, and its requirements – ranging from detailed consent requirements to the need to conduct data protection impact assessments – can seem daunting.
What is often lost in the concern about specifics is that the most important change the GDPR represents is the shift in thinking it requires. The GDPR requires companies to change their mindset from one of “check-box” compliance to accountability. Each company must look holistically at the data that it collects and holds, how it processes and protects that data, and how it engages with data subjects to make it possible for them to access and correct their data and obtain recourse when things go wrong. Accountability takes into account the critical role data plays in all aspects of a company – marketing, delivery of products and services, understanding customers, accounting and payroll, outsourcing and customer care. It also reflects rapid advances in technology and data processing that will become part of all companies, if they have not already – software as a service, the cloud, data analytics and artificial intelligence.
Accountability can be reduced to five essential elements, each of which is reflected in the GDPR.
- A company’s commitment to accountability and adoption of internal policies consistent with external criteria;
- Mechanisms to put privacy policies into effect, including tools, training and education;
- Internal, ongoing oversight and assurance to ensure that the steps a company has taken are effective and result in good privacy;
- A way for individuals to have questions answered and concerns addressed.
Achieved Compliance – helping you navigate the complex world of data compliance.
Through its software-guided review and remediation process, education tools and representation services, Achieved Compliance makes it possible for companies to take all the steps needed for meaningful compliance that meets regulators’ expectations.
For more information on how we can help your organization be GDPR compliant, please contact firstname.lastname@example.org.