The 5 W’s To Assess If Your Data Transfers And Sharing Are GDPR Compliant
Just eight weeks ago the much anticipated GDPR legislation came into effect. Companies across Europe and further afield scrambled to seek compliance in what was portrayed as more disruptive than Y2K.
While the deadline has come and gone, it was merely the start date from which companies need to be able to demonstrate GDPR compliance. A lot of work is still required as compliance gets embedded further into everyday business processes and operations.
GDPR is not intended to act as a roadblock for business, but rather to encourage businesses to be transparent about how data is used and governed. It shifts how organisations approach client data and aims to put the customer back at the forefront.
Wizuda's 5 W's aim to help you evaluate the what, where, who, why and when of your data transfers and file sharing operations. They can be used, for example, to assess whether your email processes are GDPR compliant.
First you need to understand – What personal data do you process and store, and does it include special categories of data (for example health, biometric, or religious data)?
Next, you must know – Where is your data coming from? Where is it being stored? Where is it transferred to? This should be considered both internally within your organisation and externally to third parties. Is it being transferred outside of the EEA, and if so are appropriate safeguards in place, such as Binding Corporate Rules (BCR) or model contracts (Standard Contractual Clauses)?
Then you need to look at – Who has access to this data? Who is it being shared with? Be sure to look at your entire supply chain, e.g. internal departments, third-party data processors, and so on.
The next step is to understand – Why do those with access to this data have access? What is the legal basis for them having it, e.g. is it necessary for a legitimate business purpose? Should this data be transferred to or shared with them at all? Have the appropriate technical and organisational measures been applied, e.g. data encryption and data minimisation?
And finally, you need to review – When were these transfers and data sharing arrangements authorised? Are they still valid? Do you have the right technical solutions in place to give you a full audit trail of your organisation's file sharing and data transfer activities, including the authorisation workflow history, for your compliance reporting?
Once you have assessed the 5 W's of data transfers within your organisation, you will need to consider what your next steps should be. There will be many actions you will need to take to address compliance. Remember that the GDPR is a regulation, not guidance: if you are found to be non-compliant you risk significant fines, up to €20 million or 4% of global annual turnover, whichever is higher.
To learn more about Wizuda’s GDPR Compliant solutions, visit https://wizuda.com/gdpr/