Final Countdown to GDPR Compliance
The deadline for GDPR compliance is fast approaching, and once the regulation goes into effect on May 25, 2018, organizations will be expected to comply with its vast requirements. With steep penalties looming for those who are non-compliant, now is the time to determine whether this regulation applies to your company and, if so, to ensure that your organization is ready.
GDPR states that companies must provide a “reasonable” level of protection for the personal data of European Union citizens, but “reasonable” is not specifically defined, leaving much in the way of compliance open to interpretation. To help identify areas for compliance, we have put together the following checklist. Our list is neither exhaustive nor industry-specific, but it can be used as a general overview to help businesses move towards compliance:
- Have you completed a Data Audit to assess what personal information is stored or processed through your systems, websites, etc.?
- Have you designated a data protection officer (DPO) to oversee implementation and ongoing compliance?
- Do you have a Privacy Notice?
  - Is it available online?
  - Is it scheduled for annual review?
  - Does it include details regarding any and all ways personal information will be used?
- Have you documented your basis for data processing?
  - Do you have a record of lawful basis for processing sensitive and non-sensitive personal data?
- Do you have documentation for record-keeping and retention policies?
- Have you set up procedures for due diligence with third-party vendors?
- What if your company experiences a breach?
  - Do you have a procedure in place to respond to and remediate the issue as well as notify affected parties?
- Have you implemented training for your employees?
As you make your final preparations for GDPR compliance, remember this is not a “set it and forget it” implementation. Compliance with GDPR should be continually monitored and adjusted as necessary. If you need help setting up your compliance procedures, please connect with us.
Material discussed in this communication is meant to provide general information and should not be acted on without obtaining professional advice tailored to you or your company’s individual and specific needs. Any tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used by any person or entity, for the purpose of (i) avoiding penalties that may be imposed on any taxpayer or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein. This information is for general guidance only and is not a substitute for professional advice.
The information contained herein should not be construed as personalized investment advice. Investment in securities involves the risk of loss, and past performance is no guarantee of future results. There is no guarantee that the views and opinions expressed in this document will come to pass. Historical performance results for investment indexes and/or categories generally do not reflect the deduction of transaction and/or custodial charges or the deduction of an investment-management fee, the incurrence of which would have the effect of decreasing historical performance results. There can be no assurances that your portfolio will match or outperform any particular benchmark.
Information presented was obtained from sources deemed qualified and reliable; however, MFA makes no representations as to accuracy, completeness, suitability, or validity of any information within this communication and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. Any forward-looking statements are believed to be reasonable; however, MFA gives no assurance that such expectations will prove to be correct.