Do you have an office or other operation in the European Union? Does your business sell products or services in the European Union? If you monitor, collect, or maintain personal data within the European Union, you need to ensure that your company complies fully with the requirements of the General Data Protection Regulation (GDPR) for the European Union. Steps that our South Carolina compliance lawyers advise you to take to determine if you are GDPR compliant include:
2. Adopting or Reviewing Internal Security and Data Policies
3. Reviewing Contracts and Agreements
All contracts and agreements should address GDPR requirements. The GDPR requires you to have written contracts with any companies, individuals, or services that handle the data you collect and maintain.
4. Re-Assessing Security Measures
Compare your data security measures to the industry standards for protecting data. Several data privacy frameworks can provide a guideline for ensuring your security levels meet the GDPR requirements. Reviewing Article 32 of the GDPR can help you assess the security of your data encryption, processing systems, storage, testing, and backup systems.
5. Adopting Procedures for Purging Data
The GDPR limits the time you can store an individual’s data without a valid reason for maintaining the data. You need to review the GDPR guidelines for maintaining and purging data to ensure your procedures comply with the GDPR laws. Your purging process should also include steps for destroying data that is no longer needed, and those steps must comply with the GDPR rules for disposing of and destroying personal data and information.
6. Keeping Detailed Records
You should maintain detailed records of the steps you take to comply with GDPR requirements. Your records should reflect the steps you have taken and the steps you are currently taking to comply with the GDPR. As you continue to comply with the law, maintain records of your efforts toward compliance to mitigate the risks of non-compliance if a complaint is filed against your company.
Our South Carolina Business Compliance Attorneys Know GDPR
It can be difficult to know if you are GDPR compliant, especially if you are a small business that has not instituted detailed data privacy procedures. Larger companies may believe their policies for data collection are sufficient; however, they may not be GDPR compliant.
Contact our South Carolina business compliance lawyers at Willcox, Buyck & Williams, P.A. Our South Carolina business law attorneys help businesses evaluate their privacy policies and data collection policies to ensure they are complying with all GDPR rules and laws.