#GDPR – ready, set, GO!
Due to the General Data Protection Regulation, which enters into force on May 25<sup>th</sup>, NJORD dedicated the month of February to data protection.
We’ve heard that bringing the subject to everyone’s attention has inspired and boosted companies and entrepreneurs to take action in the matter. None of us wants to have a service provider be careless with the personal data they gather about us. We certainly wouldn’t want unauthorized or malevolent persons accessing our data.
To ensure that their companies are ready for the new regulations that enter into force on May 25<sup>th</sup>, management boards should ask themselves the following questions:
<li>Have we familiarized ourselves with the GDPR?</li>
<li>Have we determined the scope in which it applies to our organization?</li>
<li>How well is personal data protected in our organization?</li>
<li>Do we need to create new manuals and procedures to protect the data or would it be enough to update the existing ones?</li>
<li>Have we reviewed our contracts with existing clients and service providers?</li>
<li>Are our computers, phones and other data mediums secure?</li>
<li>When will we train (introduce new data protection procedures and manuals) our employees?</li>
Data protection doesn’t end when the data protection audit has been carried out, possible security breaches have been eliminated and manuals and procedures have been established. Data protection is a constant process and it will only stop when there is no more data to protect. However, that is not a likely scenario, since there’s always some data about physical persons in every organization. Since technological possibilities for processing and gathering data evolve every day, data protection procedures and manuals should be updated regularly.