The GDPR goes into effect May 25. It regulates how companies use European Union citizens’ data—even if that data is in the U.S. Are you ready?
Take these seven steps now to prepare your company.
- Understand what kind of data is affected. Hint: Everything. The Undercover Recruiter provides this list:
- “Names
- Contact details
- Online identifiers
- Identification numbers
- Physical identity
- Social identity
- Economic identity
- Cultural identity
- CV
- Employment history
- Educational history
- Evidence of right to work
- References
- Pay details”
2. Decide if you’re a controller or a processor. IT Pro explains the difference: Controllers “state how and why personal data is processed” and processors “do the actual processing of the data.” Do you talk to clients and candidates about how you use their information, or do you sit behind a computer analyzing their information?
3. “Audit your data.” What personal data do you collect? How and when do you use it? How long do you keep it? Why do you have it? How do you delete it? You need to understand the information you collect and how you use it. Information Week reminds companies to check with third-parties: “If a third-party is not able to prove their GDPR compliance, the work they do for your EU data is illegal.”
4. Figure out where you keep the data. You must inventory every system, network, and device that accesses personal data, Information Week says. The article continues by saying this includes devices that staff bring in to work or use at home. In a data breach, your company is responsible if the hack happened on a personal device used for work. “So,” Information Week says, “it’s critical that all components of an organization’s IT system are identified and monitored.”
5. Test your security. Search your systems for security risks that could threaten people’s private information. If you find problems, fix them now. MarTech Today advises, “Use secure and customized IT solutions to stay on the right side of the regulations.”
6. Instruct your staff. Your IT staff should definitely know what to do. But don’t forget anyone else who handles data. The staff who call clients, interview candidates, do data entry, and follow up on placements all need to be taught what the GDPR means. Instruct them not only in GDPR compliance but also in basic computer safety, such as the dangers of phishing or the importance of unique passwords.
7. Budget. Compliance with the GDPR will take time, money, and staff. Adjust your budget accordingly. Consider hiring a Data Protection Officer (DPO), whose job is to oversee data and ensure compliance.
Take the appropriate actions to prepare for the GDPR to ensure a smooth transition. Worried about how the GDPR will affect your marketing campaign? Contact us to talk about your marketing—ASJ is staying on top of things.