Checklist of 16 key GDPR updates

The countdown is on to May 25, 2018, the day the General Data Protection Regulation (GDPR) goes into effect. Many of our clients are full steam ahead in their GDPR readiness. So as we draw nearer to this historic deadline, we’re doing a series of posts about all things GDPR, including tips and best practices for how you can keep getting ready.

Here, we list the high-level action items you’re responsible for under the GDPR. They’re from one of Microsoft’s many resources to help you get ready for the changes (source below).

Personal privacy

Your users have the right to:

  • Access the personal data you store about them
  • Correct any errors in their personal data
  • Erase their personal data
  • Object to processing of their personal data
  • Export personal data

Controls and notifications

Your organization needs to:

  • Protect personal data using the right levels of security
  • Notify authorities of personal data breaches
  • Get consent from your users to process their data
  • Keep records that show how you process data

Transparent policies

Your organization needs to:

  • Clearly explain how you collect data (for a great example, see Microsoft’s privacy policy)
  • Outline the use cases and scenarios in which you process a person’s personal data
  • Share your policies for how you store and delete data

IT and training

To make sure you’re staffed and ready to do all the above, the new law also requires that you:

  • Train all your employees (including those in privacy roles and beyond) on how to properly store and handle personal data
  • Audit and update your data policies
  • Employ a data protection officer (if your organization meets certain criteria)
  • Create and manage compliant vendor contracts

More resources

A great place to start is the Microsoft GDPR compliance site, which shows how Microsoft solutions can help. Also make sure to check out the 12-step checklist by the UK’s Information Commissioner’s Office, which is the organization in charge of regulating the new law.

How Binary Tree can help

We at Binary Tree are also doing our part to help our clients with this upgrade. Specifically, we can help you move to Office 365, which Microsoft has committed will comply with GDPR by the deadline. To get started, get in touch.

* Source: Microsoft GDPR partner flyer. Microsoft: Get help with regulatory compliance. Downloaded January 2018.