Complying with Data Privacy laws around the world?

These are a few steps to ensure your company's compliance with privacy laws:

  1. Identify the categories of data subjects (individuals) and the categories of personal data records in your business.
  2. Check for legal requirements under the applicable personal data protection law.
  3. Identify the lifecycle of personal data in your business. Map the data flow in all business processes within the company.
  4. Include privacy checkpoints in business process maps.
  5. Record the lifecycle of processes that involve personal data. Check it periodically and keep it updated.
  6. Conduct a Data Protection Impact Assessment (DPIA) for processes to identify the level of privacy/security risk.
  7. Make sure that procurement of services/products is subject to a DPIA if it involves processing of personal data.
  8. Adopt appropriate data protection clauses in your agreements where processing of personal data is involved.
  9. Respond to data subject requests as early as possible within the legal timeline. Read domestic exemptions/exceptions before complying with a request.
  10. Relevant data protection policies, standards & processes should be drafted and accepted as the governing constitution. These policies are your go-to guide for any matter related to protection of personal data.
  11. Perform data privacy audits and provide recommendations to process/function owners, if required.
  12. Stay aware of new and upcoming privacy laws, and of guidance from the respective data protection authorities.
  13. All privacy incidents are security incidents too. Have a strong InfoSec framework to ensure protection of personal data and compliance with privacy laws.
  14. Most important of all is to train the staff who handle personal data in day-to-day business. The privacy maturity of your company will determine whether or not you're going to get fined for non-compliance. Successful completion of data privacy training should be made mandatory.

Gaurav Kumar

Mondelēz | Tata Motors |

1 year

So informative and contemporary.

Samarth Saboo

Head-Group Data Privacy & Protection Practice/Platform

1 year

Looks great... Just an add-on... Monitoring of privacy laws and their requirements, as there are always some changes going on.

Anees Zaidi

CIPM (IAPP), LL.M. Data Protection & Privacy I ISO/IEC27701 LI I Certified in Cybersecurity (ISC2) I Healthcare Essentials: IT and Security (ISC2) I CT-DPO I MBA

1 year

Excellent listing of most essential steps to carry forward a privacy program. Thanks for sharing.

Akarsh Singh A

Chief Privacy Officer @ Tsaaro Consulting | Data Privacy SME

1 year

Thanks for sharing!

More articles by Bhaskara Nand Shukla