How to Do Your GDPR Compliance Tasks – Without Overdoing Them
In this month’s newsletter, we dive into the complex GDPR landscape – to make it clearer and more accessible for those of you who are responsible for your organization’s GDPR compliance.
We’ll take you through:
- 3 common challenges we see amongst the employees who are responsible for the organization’s GDPR
- 10 basic GDPR rules you should get your head around
- How to do risk assessment within GDPR
- 6 rules of thumb from our GDPR expert
- The best way to understand and comply with the GDPR
Happy reading!
Did you know that...
When we talk to customers, we see 3 common challenges among the employees who are responsible for their organization’s GDPR:
This newsletter works as a toolbox that gives you the basic GDPR knowledge and the confidence that you’re focusing on the most valuable part of your compliance work.
Grasp the 10 basic GDPR rules
Organizations that process personal data must comply with the GDPR. Here are the 10 GDPR rules you need to get your head around:
1. Ensure a lawful basis for processing
2. Maintain records of all processing activities
3. Ensure lawful, fair, and transparent privacy policies
4. Describe internal procedures and ensure proper training of your employees
5. Make an overview of your processors and conclude data processing agreements (DPAs)
6. Monitor your processors
7. Do ongoing self-monitoring and internal awareness
8. Develop new or modify existing IT systems to comply with the basic principles of the GDPR
9. Conduct risk assessments to protect personal data properly
10. Ensure data subjects’ rights
If you want to dive into the details of every requirement, you can find them here.
How to do risk assessment within GDPR
All organizations share a responsibility to minimize risks to data subjects. However, risk management seems like an overwhelming and time-consuming task to many GDPR managers.
The most important thing is that you do the best you can in structuring and prioritizing your efforts.
To do this, we suggest that you follow the 80/20 rule by answering this question:
Which 20% of my IT systems can account for the 80% of the risks that I need to protect my data subjects against?
Start your risk assessment with those 20%. During a potential audit, you can then explain why you prioritized certain assets, suppliers, and IT systems over others in your risk assessments.
Once you know which 20% of your IT systems to prioritize, we recommend that you follow these 5 steps in the risk assessment of each asset.
6 rules of thumb from our GDPR expert: How to make your daily GDPR work easier and more effective
And rule no. 6 - learning from practice - is our cue. Because that brings us to your final takeaway in this newsletter: Our EU GDPR Casebook 2023.
Learn from practice - and dive into our EU GDPR Casebook 2023
We just launched our GDPR Casebook 2024, covering Danish cases, but did you know that we also have a GDPR Casebook 2023 covering cases from other EU member states like the Netherlands and Belgium?
Learn from the cases here – and use them to get even better at understanding and complying with the GDPR.