GDPR Readiness: Creating a Data Privacy Plan
As Velsoft’s new Privacy Officer, my job is to make sure my company continues using good privacy practices, and that our customers’ data stays protected. In this digital age, it’s a very important task. Data privacy is at the top of mind for many consumers, and with all the talk of the GDPR and privacy law in the past several months, data privacy has become an important issue for everyone. It’s not a job to be taken lightly, and is one that requires me to be well informed.
I was, however, just new to the role of privacy officer, so I had to learn about privacy rules from the ground up, and fast. I came from an AV/IT background at Velsoft previously, and was not directly involved in privacy, but I do have good research skills which I put to use right away. I started by getting my hands on everything I could find about data privacy – reading legislation, watching interviews and videos, reading articles and blogs, and perusing government websites.
In all of this, I started to develop an understanding of the concept of data privacy. It’s really more than just a set of rules we need to follow. It’s about our responsibility to protect the data we hold, and to be transparent and accountable to our clients about how we handle their data. As in life, being honest with our clients really is the best policy.
To this end, I needed to come up with ways to make my company transparent about our data practices. This of course starts with the privacy policy. Velsoft already had a great policy that just needed some tweaks to align with the new regulations – things like new individual rights under the GDPR, clearing up some of the wording and language, and making sure clients knew how to contact me (the Privacy Officer) if they had any questions or concerns.
Even with a new privacy policy, there’s still a lot of information left to consider. What about the rules for employees to follow? How can we ensure that everyone knows how to properly handle data? How long do we hold on to data? What do we do if there’s a data breach? All of these questions needed to be answered.
As with any good compliance program, policies and procedures need to be written. In the end, I developed a Data Privacy Plan for Velsoft that contained all of the important policies about data privacy in our company. Creating a data privacy plan for your organization is a really important step towards compliance with the GDPR and other data privacy laws around the world. The data privacy plan is a great way to show your company’s commitment to data privacy, and gives you a written record of privacy practices. Though this isn’t the only thing you need to do to be GDPR-compliant, the data privacy plan is a big step in the right direction, and helps you cover many of the new rules.
After creating internal training for Velsoft employees, and because of all the research I’ve done, I was asked to help write a course designed to help others learn about making their own data privacy plan. The course, GDPR Readiness: Creating a Data Privacy Plan, goes over the contents of the data privacy plan, walks through all of the different policies and procedures that need to be written in detail, talks about privacy training, and more.
This is the first in a series of blogs entitled ‘Private Thoughts’, where I will share information, thoughts, and insights into privacy issues.