If you are a Canadian business, how do you know if you are GDPR compliant?

If you are asking “What is GDPR?” – then you are definitely not on your way to knowing whether you are compliant. For those of you who asked that question – GDPR is Europe’s “General Data Protection Regulation”.

If you know what GDPR is, and you hold any personal data on European citizens and you believe you are already in compliance, answer the following five questions:

  1. Do you have the right to hold data on European citizens?
  2. Does your business provide data protection awareness training for all staff?
  3. Does your business have robust breach detection, investigation and internal reporting procedures in place?
  4. Do you keep a record of personal data breaches?
  5. Do you have a process to allow individuals to move, copy or transfer their personal data from one IT environment to another in a safe and secure way, without hindrance to usability?

If you have answered “No” or “I don’t know” to any of these questions, your organization may be at serious risk of being non-compliant. Why should you care? Enforcement is rigorous, embarrassing, and expensive. It only takes one complaint against your business to trigger an investigation.

Since May 25th 2018 there have been 15 case judgements just in the United Kingdom alone, with fines as high as £200,000 (approx. $375,000 CDN). The types of organizations that have been affected include: marketing, police, health, local government, charities, finance, legal, technology, retail and manufacturing.

Heathrow Airport Limited has been fined £120,000 for failing to ensure that the personal data held on its network was properly secured.

https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/10/heathrow-airport-limited-fined-120-000-for-serious-failings-in-its-data-protection-practices/

Senior Management’s first three steps to be compliant.

  1. Prioritize full awareness of the GDPR across the organization.
  2. Manage all personal data in a structured way so that everyone understands the business impact of the non-compliance risks related to personal data.
  3. Document what personal data is held, why you have it, where it came from, who you share it with, where it is stored and how it is processed.

How can you prevent legal battles and costly penalties?

Let your legal team create your policy.

Let us do the rest:

We specialize in project management of processes, implementations, audit and compliance.

  • We will facilitate the audit process for compliance.
  • We will work with you to create a compliance plan.
  • We will assist when your business has been contacted by GDPR enforcement.

Are you ready for an investigation against your business?

Speak to Clifford Robbins Consulting Group today.

www.cliffordrobbins.com
