How can you quickly prevent a fine under the GDPR?

The General Data Protection Regulation (GDPR) provides for sky-high fines for organisations that are careless when handling personal data. What essential measures can you take immediately to prevent such a fine?

The GDPR (General Data Protection Regulation) has come into effect, also known in the Netherlands as AVG (Algemene Verordening Gegevensbescherming). The now rapidly approaching deadline is causing consternation to more and more organisations. After all, the law entails a large number of requirements and obligations, and also provides for high fines for organisations that do not succeed in meeting them on time.

Recently I spoke about this with Ans Duthler of Duthler Associates, which advises companies in this area. One of the first recommendations that she gives to clients is not to regard the new legislation as a nuisance. This is because the GDPR is primarily an opportunity to get your own data management in order. In this way you place the interests and (privacy) rights of the customer, citizen or patient even more emphatically at the heart of the organisation.

Appoint a quartermaster

An important first step in this approach, according to Duthler, is the appointment of a Data Protection Officer (DPO). He or she can act as a 'quartermaster', monitoring compliance with the new law, and arranges for the required road map to be drawn up and rolled out. Small organisations can hire an external advisor, either independently or in groups, for example through a trade association.

An important theme within the GDPR is accountability. Organisations must be able to show exactly which personal data they store and for what purpose. This requires setting up a detailed privacy log, in which all choices made within the organisation in the context of the GDPR are recorded. A good starting point for this administrative record is a detailed 'baseline measurement' of the current state of affairs.

Baseline measurement as starting point

Such a baseline measurement is needed because few organisations know exactly which personal data they collect, where they store them and with whom they share them. Another aspect is that the organisation must be able to demonstrate that the use of this data is really necessary. It is very likely that this baseline measurement will yield a large number of concrete action points, on which the quartermaster can get started straight away.

A baseline measurement is also a good starting point for the necessary awareness process among your own employees (including the management!). With every new action involving personal data, they have to automatically ask themselves a number of critical questions. To stimulate awareness within the organisation, a quartermaster can organise workshops or online seminars, or deploy supportive privacy tools, for example.

Never 100% GDPR-proof

These measures must, of course, also be included in the new privacy records. Given the broad scope of the new GDPR legislation, and the involvement of humans as an unpredictable factor, the '100% GDPR-proof' organisation is a utopian dream. However, according to Duthler, an organisation that can show that serious work has been done on meeting the legal obligations can assume that any data breach will not lead directly to a high fine.

Not wanting to have to pay a fine is therefore not the main reason why you should embrace the new law. Privacy is an increasingly important issue for the customer, citizen or patient. Organisations that make them feel that their sensitive personal data are in good hands will soon have a head start on the competition. The new law thus offers a great opportunity for organisations to distinguish themselves as reliable and customer-oriented.

So start with the baseline measurement as quickly as possible, determine action points and look for supporting software that helps you tackle this as effectively as possible. In the unlikely event that something nevertheless goes wrong, you can immediately prove that you have taken proper measures to prevent a data leak and to limit the possible consequences as much as possible.

Checklist GDPR Compliance

This blog gives you an idea of what to expect. Now it is high time to take action. Our checklist describes exactly the steps you need to take to achieve GDPR compliance. The document addresses in greater detail matters such as drafting a processor's agreement, obtaining permission for the processing of personal data, the security measures to be taken and the obligation to report data leaks.
