The GDPR for data controllers and processors
The two year grace period that the GDPR gave to data controllers and processors to comply with the new rules will expire on 25 May 2018. As of that date all data controlling and processing activities that are not compatible with the new rules may be penalised.
Make sure that your company or activity complies with the GDPR. The GDPR itself facilitates for you such compliance by:
- recasting the current patchwork of 28 national legislations in the EU Member States into one accessible legislation, and
- making administrative procedures simpler and cheaper since you will only have to deal with one national supervisory authority instead of 28.
Now it is your turn to think of what it is best for you to do. Below are just a few thoughts on what you should take care of very soon.
Try to think about who deals with personal data in your company or organisation.
Try to identify the nature of the data and the purposes for which they are collected or processed.
Try to think about which processes are mandatorily followed in your company or organisation when handling the data.
How are data safeguarded?
What is the red tape that is likely to arise when changing the ways how people work and how can it be addressed?
Do you need structural changes? Do you need to appoint a Data Protection Officer? Which competences should he or she have in your organisation and how could he or she best be placed in the organigram?
Go even further. Identify your weak and strong points. Now, you know the obligations that the GDPR introduces for data controllers and processors. Step into action ensuring that you, your company or organisation complies with these obligations and avoid potential liabilities or sanctions.
© University of Groningen