How to be prepared for the GPDR in 13 Steps

Last week, the Belgian Data Protection Authority “Privacy Commission”, published Guidelines containing 13 Steps that will help organizations in order to prepare for the EU General Data Protection Regulation. The Guidelines were published in French and in Dutch.

The Belgian Data Protection Authority recommended to follow the steps shown below in order to be compliant with the GDPR:

• Awareness: Instruct the relevant persons about the upcoming changes.
• Internal Records: Document the stored data, where it came from and to whom it is transfered.
• Privacy Notice: Review and update the Privacy Notice.
• Individuals’ Rights: Check existing procedures in order to comply with individuals’ rights.
• Access Requests: Review current procedures about access requests. Consider how these requests will be handled in accordance with the new GDPR time limits.
• Legal Basis: Document all data processing procedures. Demonstrate the respective legal basis for each data processing procedure.
• Consent: Review how consent is collected and recorded.
• Children’s Personal Data: Plan procedures in order to verify the ages of individuals. Determine how to gather parental or legal guardian consent for processing procedures that involve children’s data.
• Data Breach: Guarantee that procedures are implemented on how to handle data breaches.
• Data Protection by Design and Data Protection Impact Assessments: Check these concepts. Consider how to implement them.
• Data Protection Officer: Appoint and review the Data Protection Officer.
• International: Check which Data Protection Authority will be responsible for you.
• Existing Contracts: Review the current contracts.