Welcome to the guide on our GDPR Compliance Policy👋! If you're unfamiliar with GDPR or wondering why you should implement a GDPR Compliance Policy, this guide is for you. Here you'll learn:
Why do you need a GDPR Compliance Policy
How to implement a GDPR Compliance Policy
What are the main things you should know about the GDPR Compliance Policy
Why do you need a GDPR Compliance Policy
If you handle personal data of individuals in the EU, whether as a customer-facing business or as a service provider to other companies, you must comply with GDPR. Non-compliance can lead to significant fines (up to €20 million or 4% of worldwide annual turnover, whichever is higher). Beyond avoiding penalties, demonstrable data protection builds trust with your customers. Adopting a GDPR Compliance Policy ensures that everyone in your organisation understands why GDPR matters and knows the guidelines you've defined for handling personal data.
How to implement a GDPR Compliance Policy
To implement a GDPR Compliance Policy, feel free to use our Secfix template POL-21 GDPR Compliance Policy and tailor it to your organisation. You'll find the template in your Shared Drive, or ask your Customer Success Manager for it.
What are the main things you should know about the GDPR Compliance Policy
This policy defines and describes the following aspects and guidelines of GDPR:
Data Protection Officer (DPO): The policy describes the appointment of a DPO who oversees GDPR compliance. The DPO informs and advises the organisation on its obligations, advises on data protection impact assessments, cooperates with supervisory authorities, and acts as the contact point for GDPR matters. Note that appointing a DPO is only mandatory in specific cases under GDPR (for example, public authorities, or organisations whose core activities involve large-scale monitoring of individuals or large-scale processing of special categories of data), but many organisations appoint one voluntarily.
Data Subject Access Requests (DSAR): Under GDPR, individuals have the right to request access to the personal data you hold about them, and you are obliged to respond. They can also ask for corrections, erasure, or restriction of processing, request a copy of their data in a portable format, or object to processing. The policy ensures that a process is in place to verify the requester's identity and respond to these requests within one month (extendable by up to two further months for complex or numerous requests, provided the individual is informed of the delay within the first month).
Breach Notification: If there's a personal data breach, the policy describes the process for reporting it to the relevant supervisory authority (without undue delay and, where feasible, within 72 hours of becoming aware of it) and for informing affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms, in line with GDPR requirements.
Data Protection Addendum: Before sharing EU personal data with third parties (for example, vendors that process data on your behalf), you should ensure a Data Protection Addendum (also called a Data Processing Agreement) is in place that sets out the processor's obligations. The policy covers this as well.
Roles and Responsibilities: The policy defines the role of each individual and ensures that everyone in your organisation knows their GDPR-related responsibilities.
Compelled Disclosure: The policy explains when you might be legally required to disclose customer data (for example, in response to a court order or lawful request from an authority) and how to handle such situations, including verifying the request and, where permitted, informing the affected customer.