GDPR Implementation – 10 Step Action Plan

The European Union’s General Data Protection Regulation (GDPR), which comes into effect from May 25th, 2018, represents sweeping new legislation designed to protect data rights of EU residents. It affects every organization that interacts with an EU resident in any way, wherever that organization may be. Fines for failure to be GDPR compliant can be severe: 20 million euros or up to 4 percent of global revenues, whichever is greater.

While some organizations have already implemented processes and software and appointed DPOs to take care of their GDPR compliance, many organizations are still finding their way. Marketers, in particular, need to educate themselves on GDPR and take action to ensure they’re compliant in the ways they collect, manage, process and share information.

While every organization needs proper consultation and legal advice on being GDPR compliant, here are 10 things to do and consider as a framework for GDPR compliance to give you a head start on your own efforts, or to compare to the work you’ve already undertaken:

(1) Raise awareness and create alignment: educate all the company stakeholders so that they can anticipate the impact and potential risks of GDPR.

(2) Map your information and perform a detailed data audit. In particular, you need to have answers to the following basic questions about your data:

  • Who are our data subjects? Who has access to sensitive data?
  • Where do we keep their personal data? Where do we transfer personal data to?
  • Why is personal data under our control (for what legitimate purpose)? Why do we share it with third parties? Do third parties share it with other entities? If so, who, how many and to what purpose?
  • When are we keeping personal data until? When do we share personal data with others?
  • What mechanisms do we have in place to safeguard personal data?
  • How is data being processed? How long should it be kept?

(3) Do a full review of current privacy notices and ensure that these will align with requirements under GDPR before it takes effect. At the minimum, the following points should be covered:

  • The identity of the controller and of the data protection officer.
  • Conservation period (how long data will be kept).
  • The right of access, rectification, restriction, and objection.
  • Right to lodge a complaint.
  • Recipients and transfers of data.
  • State the right to withdraw consent at any time.
  • Explain the legitimate interest of the controller or of a third party (if relevant) in the collection of the data.

(4) To be GDPR compliant, organizations must be able to demonstrate that they can respond to a data subject’s personal data request, and generally, this must be done within 30 days.

(5) Perform a Privacy Impact Assessment (PIA) – review your data processing activities and identify and document the legal basis for each type, ensuring that no personal data is collected beyond the minimum necessary for each specific purpose of the processing.

(6) Manage consent of data subjects and ensure that consent is sought, obtained and recorded according to new guidelines, and that you are able to respond to inquiries regarding consent.

(7) Ensure data security by providing a mechanism(s) to pseudonymize, encrypt or otherwise secure personal data, and implement a process to report data breaches.

(8) The privacy by design and default clause of GDPR requires that all consumer interactions and touch points have privacy designed right into them and that their default mode is one of compliance. To implement this clause, plan, design and perform your data processing activities so that, by default, only the personal data necessary for each specific purpose of the processing is processed.

(9) Appoint a Data Protection Officer (DPO) and provide him/her with tools to maintain audit trails of processing activities to demonstrate accountability and compliance, liaise with and assist supervisory authorities, and monitor compliance with data protection laws.

(10) Ensure that the data you’re collecting can be easily transferred or given back to consumers whenever they ask for it in a format that can easily be transferred to another data controller (this is known as “data portability”).

Where to start?

While all of the above-mentioned points are critical, if you want to kickstart your efforts, a good place to start is with information mapping and a data audit (#2 above). Not only will this help with GDPR compliance, it will also enable you to better understand your customers and make smarter choices when planning and allocating your 2018 budgets.

Technology has an important role to play as well in your endeavor to be GDPR compliant. Implement a tool like LuitBiz that has built-in GDPR compliance rules to manage all your data and documents using just one integrated and easy-to-use cloud-based software. This will help your organization be not just compliant with GDPR but also better positioned to personalize your marketing activities for better ROI.

3 Reasons Every SMB Should Be Using SaaS

Starting and running a small business has never been easy. Geographic isolation, limited resources and not being able to access best practices have always been some of the hurdles faced by SMBs. These historic challenges can be tackled in new and better ways. SaaS is the key to overcoming many of these traditional disadvantages and is the key to the SMB sector taking advantage of the digital revolution. There is a huge market demand in providing software to the SMB sector.

SaaS completely changes the rules of the business IT game. No matter how big or small your business is or where you are in the world, SaaS allows you to compete, grow and innovate with the best. Three big reasons why SMBs worldwide should consider using SaaS business software are:

  1. Any company can now base their business on best-in-class software: For a few dollars a month, any business located anywhere in the world can have access to the best-in-class business software available globally. These include CRM, sales force automation, HRMS, accounting, document management, etc. These services, traditionally available only to enterprises, are now available via SaaS to SMBs, which can use them to streamline their business processes, increase efficiency and gain more profits.
  2. Reaching bigger or more distant markets used to be about financial muscle and shoe leather: The whole process of inbound marketing (search engine optimisation, social media, pay per click, etc.) is now available at the touch of a smartphone screen via SaaS. Customers today actually prefer this type of selling. The days of the high-paid salesman and the multimillion-dollar marketing campaign are fading. Everyone can be a global player. SMBs have never had a better opportunity for growth.
  3. The emergence of shared and integrated IT elements: One key feature is the emergence of shared IT elements. The cloud is an obvious starter. APIs, interdependent software and data applications and common software components link many SaaS applications. Not only can an SMB afford the world’s best software, but it can be integrated and work as one, almost without effort. Communication and collaboration are becoming essential to business success. Additionally, the emergence of integrated business software targeted towards SMBs is a big boon to this sector. SMBs can just subscribe to one software that inter-relates all their business processes seamlessly and manage their entire business from their smartphones from anywhere in the world.

One concern remains. Business owners do have tough and busy lives. For many, their business is their life. Finding the time to take advantage of the SaaS opportunity is not simple. Awareness is a real issue. Luckily the SaaS model can also help here. SaaS is a short-term, pay-as-you-go model. There is no capital cost and there need not be a long-term contractual commitment. Most SaaS companies offer a free trial of 14-30 days. So you may be able to test what works for no cost at all. This means you don’t have to do everything at once. Instead, think of a different approach. Write down your 3 biggest business problems. Do a quick Google search and find the SaaS products that might help. Pick one and give it a try.

You will need to make changes to take advantage of SaaS. These can be incremental and low or zero cost. The rewards can be great. Because there is little commitment, you can ditch things that don’t work. There is a whole world of digital opportunity out there for SMBs. Get out and give it a try.