10 GDPR TIPS FOR ANY MANAGER
Radu Crahmaliuc - GDPR Ready
GDPR Analyst, ISO27001 Internal Auditor & Publishing Author
Starting a GDPR alignment project is organically linked to a managerial decision. Nothing can be done if management is not convinced of the importance of the subject. But understanding the importance is not everything. Management must lead the start of activities, set up a team, delegate a responsible person, and above all plan resources. This means getting involved.
Any business analysis or audit that serves as the first step of a compliance assurance project is a function of the level of managerial engagement. Are the managers directly involved, do they participate in discussions, or do they delegate a trusted person to handle everything?
What needs to be done?
It’s never too late to start. You can begin alignment exercises at any time. Here are some tips for managers:
- GDPR MEANS ALL – It’s no small thing. Any organization, association, or licensed natural person that carries out an activity in which it acquires personal data of its clients, partners or employees NEEDS to be compliant with GDPR.
- THE SIZE DOESN’T MATTER – Whether we have a company with 10, 50 or more than 250 employees, whether we are a micro-enterprise, an NGO or a professional association, whether we manage an association of tenants or whether we are an independent consultant, dentist or specialist blogger, WE NEED GDPR. Of course, not all of us need all procedures and policies. But there is a core of activities and measures that are mandatory for any kind of organization. We cannot avoid this. WE HAVE TO BE PREPARED.
- GDPR MEANS ACCOUNTABILITY – We are responsible for the personal data we hold. That of our employees. Of our customers. Of our partners. We do not do this because we expect inspections from the Authority, nor as a mere bureaucratic formality. We do it for our own sake and for the community in which we live and work. WE ARE RESPONSIBLE FOR OUR RESPONSIBILITY.
- GDPR IS MORE THAN A SIMPLE PROJECT – More than an IT solution implementation. More than a bureaucratic review of documents from a different bureaucratic perspective. It is an assumed, documented and permanent action that involves decision-making, policy making, the adoption of procedures, but especially a team action in which we have a triple involvement: PEOPLE, TECHNOLOGY, PROCESSES.
- GDPR IS A PERMANENT REQUIREMENT – It’s not a one-off, a punctual activity, or an implementation of procedures after which someone hands you a diploma. It is a permanent exercise, a mandatory business requirement for the entire business lifecycle. In order to maintain an optimal level of compliance, we need to act continuously, to remain within certain parameters.
- GDPR IS AN EFFICIENT INVESTMENT – No money is wasted. No one forces us to make all purchases at once. A risk analysis can help create plans to rectify the possible sources of incidents related to personal data loss. We focus on what is most important now and we make an effort there. A budget allocated for the next financial year will help keep the balance. There are many possibilities for reallocating budgets once we become aware that WE MUST HAVE THIS.
- TRAIN YOUR PEOPLE – There is no shame in learning. It’s a permanent need. You don’t understand exactly what this is about and you don’t have time to rack your brain over it. Participate in a one-day or two-day GDPR training session. There are already dozens of courses that offer this. You can do it online from your desk or your home armchair. You will see what it is about. You will understand why it is important. YOU WILL GRASP THE RESPONSIBILITIES.
- PREPARE A DATA PROTECTION OFFICER – Even if the law does not oblige you to hire or appoint a DPO, many aspects of GDPR adoption require the skills of a person who has undergone DPO training. Do not wait for the certification issue to be solved. There is no time to wait. You do not need diplomas, but (at least) someone who knows where to start, with whom to start and what to do.
- WE NEED GDPR CULTURE – This is respect for data. Permanent training of employees. Testing the effectiveness and efficiency of existing procedures. Adaptation to change. GDPR will undergo changes over time. Verify compliance with related regulations such as ePrivacy or NIS. GDPR compliance becomes permanent, just like internal regulations, fire protection, or evacuation measures in case of natural disasters. Protect your data! Put a post-it on the door, next to the ones that say: “Turn off the light!”, “Check the gas!” or “Activate the alarm!”
- GDPR IS AN OPPORTUNITY, NOT A CALAMITY – Look at alignment efforts as an investment in efficiency. As a first step in the digital transformation of the organization. As a trusted label to your employees, customers, and partners.
Read the full Article on the GDPR Ready Initiative website