Not everyone can be a GDPR compliance specialist, but that doesn’t mean you should ignore data protection and privacy, especially if you run a business. Even though much has been said about GDPR compliance, being GDPR-ready is not a one-time project. It’s an ongoing approach to business.
Trusting the people we share our data with (looking at you, Facebook!) is a big part of how we do business online. When a company needs personal data to run its service, the user should be aware of why and how it is used so they can decide whether to use the service.
This is why GDPR puts more responsibility on organizations and increases the rights of individuals.
Some consultants we talked to say that there is no such thing as being 100% GDPR compliant. It’s more about taking a look at data and processes from an “ethical” standpoint and not as much about “tools” or “checklists”.
So, don’t search for a template: each organization has its own way of doing things. Try to develop an efficient data protection and privacy strategy based on your scenario. This guide is just a starting point, with a high-level and general approach. Ideally, you will need to dig into each area of your business and look at how you collect, process, disclose, store and delete data.