With the GDPR formally approved by the European Parliament last month, all companies that operate in Europe have until 25 May 2018 to comply with the new law, or potentially face fines of up to 4% of annual turnover or €20 million.
The GDPR broadens the scope of PII (personally identifiable information) to include “any data that can identify a natural person such as a name, an identification number, an email address, location data, an online identifier”, or “one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
It also introduces legal obligations for any organisation that controls or processes such data, requiring them to implement “privacy by design” techniques, such as minimisation, to protect the rights of the data subjects.
This has the added benefit, to the organisation, of reducing the risk of exposure to administrative fines and, most importantly, to the reputational damage and loss of trust that often accompany a PII breach.
Complying with the GDPR and the documentation you need
In order to comply with the GDPR, organisations need to produce and maintain a wide range of documentation. Not only will well-maintained documentation show your commitment to data protection, it will ensure you have evidence to support your claims if the supervisory authority has any cause to investigate.
To help you produce compliant documentation quickly and easily, we have published the EU General Data Protection Regulation (GDPR) Documentation Toolkit today.
This comprehensive toolkit contains all the critical documents you will need in order to comply with the GDPR, including:
- Guidelines for mapping the flow of data across your organisation
- Procedure for conducting a privacy audit
- Templates for creating clear and accurate privacy notices
- Data breach notification process and procedures
- Subject access request templates and procedures
- International data transfer procedure
- Consent form templates
- Data protection impact assessment templates and procedures
- Important information security policies and procedures to keep your information secure