Implementing GDPR rules in company without DPO
For a small company which can not afford a DPO, how would you advise to implement all the GDPR rules?
You can implement GDPR rules by yourself. Start by preparing a project plan for GDPR implementation and conduct a readiness assessment in order to verify what you need. Then, adopt policies and top-level documentation, prepare the inventory of processing activities, and define how to process personal data. You need to prepare information for data subjects (employees, customers, and suppliers), so implement the appropriate privacy notice for your website or contracts and verify whether you need consent as a legal basis.
You should also implement a policy on how to manage data subject rights and increase awareness of data protection and data subject rights among your employees. You should check whether there is any transfer of data outside the EU and whether it is covered by an appropriate legal basis. Then, verify security measures and implement a policy for handling data breaches.
Here you can find more information on how to implement EU GDPR:
- 9 steps for implementing GDPR https://advisera.com/articles/9-steps-for-implementing-gdpr/
This EU GDPR Documentation Toolkit will provide you with clear steps and all the required documents to become compliant with GDPR: https://advisera.com/eugdpracademy/eu-gdpr-documentation-toolkit/
Here you can find more information on how to start implementing EU GDPR rules:
- Is the GDPR applicable to our company? https://advisera.com/eugdpracademy/knowledgebase/who-needs-to-be-gdpr-compliant-an-easy-explanation/
- List of mandatory documents required by EU GDPR https://advisera.com/articles/list-of-mandatory-documents-required-by-eu-gdpr/
If you want to learn how to implement the EU GDPR you may consider enrolling in our free training EU GDPR Foundations course: https://advisera.com/training/eu-gdpr-foundations-course//
Feb 25, 2021