If GDPR applies to your business, it’s worth working to make your systems GDPR compliant. You should consult with your business’s legal team on what exactly compliance means to them, but here are some key considerations:

  • Establish the legal basis for collecting personal data. In most cases, it will be that you have obtained that individual’s consent or that your business has a legitimate interest in collecting that personal data. GDPR requirements will vary depending on the legal basis.
  • Update your business’s Privacy Policy to ensure it contains all the information that GDPR requires.
  • Make sure your business can handle requests from individuals to see their personal data in a format that can be viewed and imported elsewhere.
  • Make sure your business can handle requests from individuals to delete their personal data.
  • Make sure your business can handle requests from individuals to correct personal data they believe to be wrong.
  • Review and update your system’s default privacy settings and make sure they default to the most restricted option.
  • If you’re collecting sensitive personal data, such as ethnic origin, religious beliefs, or medical data, this data requires special considerations.
  • If the system involves a high risk to individuals’ personal data, your business should conduct a data protection impact assessment.
  • If your business seeks to obtain consent from minors, it should come from their parent or guardian.
  • If your system uses automatic decision making, make sure your business can handle requests from individuals to opt-out and have the decision reviewed by a human.
  • If your system uses any cookies other than strictly necessary cookies, be sure to obtain consent.
  • If your business uses vendors to process personal data, you should establish a data processing agreement with them.
  • If personal data will be transferred to countries that are outside the EU, make sure those countries have been deemed to have adequate data protection.
  • Make sure your business is clear on how to handle data breaches under GDPR.

GDPR represents a paradigm shift in terms of how we think about personal data and who can exercise control over it. Placing more control in the hands of consumers means that as a company, you’ll have the opportunity to develop a relationship with your customers that is based on trust and consent, which can result in them having a better experience.

Feel free to reach out to MacTech if you’d like to make the most of this opportunity with your «VigilanX» software system!

Leave a Reply