If it feels like the General Data Protection Regulation (GDPR) is right around the corner, that’s because it is! The new European privacy law will go into effect May 25, 2018, which leaves companies with just over six months to prepare. We’ve been exploring GDPR over the last few months in preparation for the change, with topics such as what changes to expect and the consequences of not being compliant. This time we’re going to shift focus onto U.S. companies and highlight three ways they can prepare for GDPR.
GDPR reaches well beyond the borders of the European Union. It applies to any U.S. company with an establishment in the EU, and it also applies to companies with no EU presence at all if they offer goods or services to people in the EU or monitor their behavior (for example, through website analytics or ad tracking). So whether the company sells into the EU or has employees there, GDPR will require a redesign of the way it processes what the regulation calls “personal data” and U.S. practice usually labels Personally Identifiable Information (PII).
GDPR’s notion of personal data is broader than the typical U.S. notion of PII. It covers everyday information such as credit card numbers, birthdays, home addresses and national identification numbers (the equivalent of a U.S. social security number), but also anything that can be linked back to an individual, including IP addresses, cookie and device identifiers and location data. GDPR requires that this information be processed lawfully and transparently, protected against breaches with appropriate technical and organizational measures, and, in many circumstances, erased at the individual’s request (the right to erasure, often called the “right to be forgotten,” which is subject to exceptions such as legal retention obligations). Below are a few ways U.S. companies can ensure they’re prepared for these major changes.
- Review All Data
- Before U.S. companies can secure their data, they need to take stock of what personal data they hold, where it lives (production databases, backups, SaaS tools, logs, spreadsheets), why it was collected, who has access to it and whom it is shared with. GDPR requires many organizations to maintain a record of their processing activities and make it available to the supervisory authority on request, so this inventory is the foundation for everything that follows. It’s important to get started immediately if you haven’t already.
- Craft Company Plan
- Once you’ve taken stock of your existing information, the next step is a comprehensive plan, shared with the rest of the company, for how your company will be GDPR compliant moving forward: the lawful basis for each kind of processing, how you will honor individuals’ requests (access, correction, erasure, portability), who is accountable (including whether you need to appoint a Data Protection Officer), and how you will detect and report breaches. The ultimate goal should be what GDPR calls “data protection by design and by default”: collect only the data a process actually needs, keep it only as long as it is needed, and protect it from the outset (for example, with pseudonymization, encryption and access controls) rather than bolting protections on after a breach.
- Make Changes
- For any processing likely to pose a high risk to individuals (large-scale processing of sensitive data, systematic monitoring, profiling), carry out a Data Protection Impact Assessment (DPIA), GDPR’s name for what many U.S. teams know as a Privacy Impact Assessment. Then put the company’s plan into action: update privacy notices and consent flows, implement the technical controls, put processor agreements in place with vendors that handle personal data on your behalf, rehearse the breach-notification process (the supervisory authority must generally be notified within 72 hours of becoming aware of a breach), and educate employees on handling personal data properly so the company remains compliant day to day.
These are challenging steps, and many U.S. companies will find it hard to be fully compliant by the time GDPR takes effect next year. The most important thing is to be proactive: review your data, come up with a plan and start implementing changes before the deadline hits.