Even though the deadline for General Data Protection Regulation (GDPR) compliance has already passed, the majority of Companies in the world are still not ready. Especially small size and medium size companies, they either don’t know the law or don’t have the resources to implement the Gdpr.

Here are 6 steps that can help your company GDPR compliant

1. Learn what is GDPR

The very step in helping your company GDPR compliant, you need to learn what GDPR is. GDPR is basically an UK law on data and Privacy of individuals within EU. In order to keep or obtain data from EU individuals, companies need to obtain consent from them first. They have rights to request companies to have their data be removed.

2. Individual Rights

Websites should always have privacy policy. If you don’t have one now, you will need to create one now. If you have one, you will need to review it. The essence of tackling GDPR is that you need to states their rights, such as the right to be informed, the right to erasure, etc.

3. Data Management

If you obtain data from individuals, you need to ask yourself few questions:

Why are you collecting the user data?

How long are you going to keep the data?

Do you share data with third parties?

How do you collect the data?

All these questions and answers to them should be included in your privacy polity as well.

4. Child Consent Policy

For children that is age under 16, the GDPR states that they can’t give consent because they are not aware of the important of data and privacy.

5. Data Breaches

In the age of technology, there is very high risk of being victims of data breaches. Anything can happen, so you need to prepare the worst. You need to consider the fact that what if the data that you collect got stolen, what your protocols are. The GDPR specific states that you need to report to authorities within 72 hours of discovery of data breach, as well as informing all users about the breach and consequences.

6. Communication

The last but the least, you need to inform all employees or staffs about data privacy. When they are collecting data from people, especially from EU residents, they have specific rights that states in the above.