Every business is different and as GDPR takes a risk-based approach to data protection, you need to assess your own data collection and storage practices to ensure that you comply.
At Jola we are encouraging partners to ask themselves the following 20 questions:
- What personal data do you collect and store?
- Have you obtained it fairly?
- Do you have the necessary consents required?
- Are you telling customers/prospects what you are collecting data for?
- Are you offering the right to withdraw consent at any time?
- Are you ensuring that you aren’t holding data for any longer than necessary?
- Are you keeping data up to date using a level of security appropriate to the risk?
- Are you limiting access to data, to ensure that it is only being used for its intended purpose?
- Are you working on a plan to ensure compliance by May 2018?
- Have you allocated a Data Privacy Officer?
- Do you have a good data protection policy?
- Are you including employee data in the plan?
- Do you have a training and communication plan in place for GDPR?
- How are you planning to manage requests to access/delete personal data?
- Are you preparing a policy to handle a breach?
- Does your privacy policy need updating?
- What is your policy on data retention and does it meet the new regulations?
- Are you documenting and communicating new procedures?
- Have you reviewed and updated your contracts?
- Have you ensured any third-party vendors are also preparing for GDPR compliance?
Jola is a wholesale provider of hosted telephony, 4G data and internet connectivity. We are preparing for GDPR compliance along with our partners and suppliers. To find out more…