The GDPR is clear: every company must explain and document how it would act in the event of a data breach; furthermore, in such a case, it must inform the supervisory authority within 72 hours of the event. The aforementioned “PIA” (Privacy Impact Assessment) has the very purpose of establishing in advance what risks the processing of data may carry in the specific business and what measures are put in place to minimize those risks.
Furthermore, methods of communication to users in the event of a data breach must also be provided.

What Every Company Should Do When Facing GDPR

In brief, there are 5 key points that every company must address to comply with the GDPR:

1. Full control of access to data, with structured and unstructured databases.
2. Clear identification of the personal data managed (with immediate access, profiling, security rules to protect data).
3. Data governance: clarifying policies, identifying management processes, assigning responsibilities.
4. Data protection strategies: anonymization of data records and encryption.
5. Control of the applied procedures, with internal reporting, checks, proactive management of the relationship with users.

All these aspects flow into a Register of Data Processing Activities, which explains all the procedures, purposes, software used, people involved, responsibilities, and security measures envisaged in the management of the personal data processed.

SMEs and GDPR: the obligations of small businesses towards the new Privacy Regulation

The regulation is a bit more lenient for small businesses.