10 Things to Do to Prepare for GDPR

This article was co-written by Kris Lahiri, Data Protection Officer, and Dawid Balut, Egnyte Architect.

Unless it’s all the data a business has, this is not enough to satisfy GDPR requirements. The regulation governs data handling procedures and affects both used and unused data from the moment an organization collects or processes it.

However, scrubbing unused data is a good start. Art. 5 GDPR mandates the following:

“Personal data shall be: adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);”

So if the data is no longer used, it must be removed. However, data removal is not necessary in some cases, such as “processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.”

This is only one variable in a very long equation. To comply with the GDPR, consider the entire regulation.

Here are some good compliance questions to start with:

  1. Do you have an actual, valid, and lawful basis for data processing?
  2. Do you have explicit consent from the user to process their data? Is your consent written in clear and plain language that users can understand?
  3. Do your systems respect the user rights mandated by GDPR, Chapter 3? That is, are users allowed to withdraw consent at any time? Do you ensure users have a way to reliably request data erasure? Are users allowed to transfer their personal data from one processing system to another?
  4. Are you processing data for the purposes stated in the user-approved consent agreement?
  5. Have you audited your legacy data against GDPR requirements and ensured it complies?
  6. Do you protect data against unauthorized or unlawful processing and accidental loss or destruction?
  7. Do you have any data safeguards like encryption, network monitoring, or security assessments designed to identify weak spots in your environment?
  8. Are data protection measures designed with privacy in mind and enabled by default to provide a high level of protection from the very start?
  9. Do you have mechanisms in place to support breach notifications?
  10. Have you appointed a Data Protection Officer (DPO)?
