Pitfalls of GDPR
The main mistake in implementing GDPR is relying on the strength and resources of a single person. A common practice is to expect a lawyer to work on the Regulation independently. In that situation, if the lawyer does not hold a senior enough position in the organization and cannot convince colleagues of the need for coordinated work across the company, everything will come down to preparing useless document templates that will not protect the company.
GDPR can’t be implemented by one person
Moral: GDPR compliance is teamwork. The compliance department, lawyers, the information security or IT infrastructure department, marketing and sales, the HR department (if there are employees in the European Union), and the production and functional departments make up a real dream team for implementing the Regulation.
Explore requirements comprehensively
And do it everywhere. The GDPR has moved the protection of personal data away from checklists and towards risk assessment. Based on a risk analysis, you need to develop your own documents and determine which measures should be taken. At the same time, the Regulation doesn’t describe the result to which the risk assessment will lead you. It is likely that measures that are successful and effective in one company will be irrelevant for another. You can choose measures for your company only on the basis of the level of risk and the characteristics of a specific threat.
So, for example, the risk of a bribed employee transferring a personal database to a competitor is not relevant for your company. Moreover, it is likely that a contracting company that processes the data will commit a violation with negative consequences for those who entrusted it with this data. Your task is to track GDPR implementation by the contractors you have involved in the processing of personal data. You might not have heard about this from a friend at another company (well, you can hear it from us).