Four tips to survive the new EU General Data Protection Regulation

The EU General Data Protection Regulation is edging ever closer with politicians aiming to conclude talks by the end of the year. Now is the time to understand how to overcome the Regulation’s biggest challenges:

1. Appoint a Data Protection Officer 
This will become compulsory for many businesses when the Regulation comes into force, but right now there is a conundrum. Appointing a Data Protection Officer early seems a sensible option but it is not yet entirely clear what is required. For many companies it may be more efficient to begin an internal training program to prepare for the role.
 
2. Think about Privacy by Design
This will be a requirement under the new Regulation, which means it’s effectively a requirement now. There is no point putting in place a system today that ignores Privacy by Design and then paying to change it in two years when the Regulation is active. It is sensible to take notice and adopt modern thinking now, saving money in the long run.
 
3. Do you have the data subject’s permission?
In future, any data that data subjects have not explicitly agreed to cannot be stored. So what are you going to do with all the data you can no longer keep? Consider asking the data subjects again for their permission to use it. Just because someone ticked a box in 1982 does not mean it is legal to keep their data now – things are changing.
 
4. What to keep and what to destroy
Choosing what to keep and what to destroy is a big decision and a vital one for data governance. Given that in the future, people will have a right to ask for data to be edited, corrected or deleted, keeping unnecessary data could prove expensive as well as pointless.