Have you taken actions to demonstrate this? Are you ready for a super quick health-check to help you – honestly – answer the above?
Do you send files containing personal data (for example Excel spreadsheets) outside your company by email, with or without encryption?
Who else knows your password to log in to your company device and/or applications, just in case you are off for any reason?
Do you know what to do if your organisation gets hacked?
Does everyone in your company know what to do if someone from another organisation asks for data to be shared?
Are you sure your website is in good enough shape to pass a remote investigation from the data protection authority?
When did you last review your privacy and cookie notices?
Do you know what data your organisation uses, where it is stored and who has access to it? Are you sure your practices would be seen as appropriate?
Do you know that ALL of the following are personal data under GDPR: name, phone number, IP address, browsing history, MAC address, credit score, badge number, call recording, CCTV images, mother tongue, employee evaluation records, salary, number plate, fingerprint, meal preference and seat number on a flight?
Did you know that hosting anything that includes personal data in the cloud on a server operated by a US company (e.g. Microsoft, AWS or Verizon) is illegal, and that this lack of compliance with data location requirements may cost you?
What data protection considerations have you taken into account when you decided to send customized marketing communication to your customers based on their previous purchases?
These are easy yet complex questions that an organisation in scope for GDPR must be able to respond to quickly. Many organisations have decided to self-manage data protection matters (regulated by the EU General Data Protection Regulation, GDPR) and may have appointed someone in the Legal or Security department to deal with the related topics.
But is this person knowledgeable about data protection rules AND security controls? Do they have sufficient knowledge from both a legal and a technical perspective?
If you are 100% confident that your organisation is doing fine and you comply with the regulation, we are very happy for you, because you are one of the very few.
If, however, you lack answers because one or more areas of the regulation still seem somewhat muddy, we provide easy-to-use modules written for plain human understanding and interpretation.
Why would you consider using our modules when there is so much material already available on this subject?
GDPR covers a very complex subject matter built on many-to-many links between topics. In a number of instances these links reach beyond the data protection regulation itself into security subjects and/or other areas of law. Our modules build on each other, but also offer you the flexibility to dive into a particular topic if you believe you already have sufficient knowledge of the others. We explain common problems through examples and give you best practice tips.
In the data protection domain we currently offer the following chapters (in the recommended order):
– Lawful processing
– Privacy Notice
– All about cookies
– Data protection by design
– Data in move