How can you quickly prevent a fine under the GDPR?

The General Data Protection Regulation (GDPR) provides for sky-high fines for organisations that are careless when handling personal data. What essential measures can you take immediately to prevent such a fine?

The GDPR (General Data Protection Regulation), known in the Netherlands as the AVG (Algemene Verordening Gegevensbescherming), has come into effect. The rapidly approaching deadline is causing consternation among more and more organisations. After all, the law entails a large number of requirements and obligations, and it also provides for high fines for organisations that do not succeed in meeting them on time.

Recently I spoke about this with Ans Duthler of Duthler Associates, which advises companies in this area. One of the first recommendations that she gives to clients is not to regard the new legislation as a nuisance. This is because the GDPR is primarily an opportunity to get your own data management in order. In this way you place the interests and (privacy) rights of the customer, citizen or patient even more emphatically at the heart of the organisation.

Appoint a quartermaster

An important first step in this approach, according to Duthler, is the appointment of a Data Protection Officer (DPO). He or she can act as a 'quartermaster', monitoring compliance with the new law. He or she arranges for the required road map to be drawn up and rolled out. Small organisations can hire an external advisor independently or in groups, for example through a trade association.

An important theme within the GDPR is accountability. Organisations must be able to show exactly which personal data they store and for what purpose. This requires setting up a detailed privacy log, in which all choices made within the organisation in the context of the GDPR are recorded. A good starting point for this administrative record is a detailed 'baseline measurement' of the current state of affairs.

Baseline measurement as starting point

This is because few organisations know exactly which personal data they collect, where they store them and with whom they share them. Another aspect is that the organisation must be able to demonstrate that the use of this data is really necessary. It is very likely that this baseline measurement will yield a large number of concrete action points, on which the quartermaster can get started straight away.

A baseline measurement is also a good starting point for the necessary awareness process among your own employees (including the management!). With every new action involving personal data, they have to automatically ask themselves a number of critical questions. To stimulate awareness within the organisation, a quartermaster can organise workshops or online seminars, or deploy supporting privacy tools, for example.

Never 100% GDPR-proof

These measures must, of course, also be included in the new privacy records. Given the broad scope of the new GDPR legislation, and the involvement of humans as an unpredictable factor, the '100% GDPR-proof' organisation is a utopian dream. However, according to Duthler, an organisation that can show that serious work has been done on meeting the legal obligations can assume that any data breach will not lead directly to a high fine.

Not wanting to have to pay a fine is therefore not the main reason why you should embrace the new law. Privacy is an increasingly important issue for the customer, citizen or patient. Organisations that make them feel that their sensitive personal data are in good hands will soon have a head start on the competition. The new law thus offers a great opportunity for organisations to distinguish themselves as reliable and customer-oriented.

So start with the baseline measurement as quickly as possible, determine action points and look for supporting software that helps you tackle this as effectively as possible. In the unlikely event that something nevertheless goes wrong, you can immediately prove that you have taken proper measures to prevent a data leak and to limit the possible consequences as much as possible.


Checklist GDPR Compliance

This blog gives you an idea of what to expect. Now it is high time to take action. Our checklist describes exactly the steps you need to take to achieve GDPR compliance. The document addresses in greater detail matters such as drafting a processor's agreement, obtaining permission for the processing of personal data, the security measures to be taken and the obligation to report data leaks.
