This website uses cookies. View our cookie policy
Close
Asia
Select regional store:

The key steps to GDPR compliance

The ability to prove EU General Data Protection Regulation (GDPR) compliance is critical, and a comprehensive and effective privacy compliance framework (PCF) will develop evidence to support your compliance claims.

In some cases, the below GDPR compliance steps will supplement existing measures that many organisations adopt to comply with national laws in Asia Pacific, including The Privacy Act 1988 (Australia), the Personal Data Protection Act (Singapore), the Personal Data (Privacy) Ordinance (Hong Kong) and the Cybersecurity Law (China).

This checklist highlights the essential steps you need to take to demonstrate compliance, and recommends solutions.

Spend more than $300 on any of the below products* and save 15% with the voucher code: GDPR-SAVE15

 

1. Establish an accountability and governance framework

To do

  • Assess whether your business activity falls within the territorial scope of the GDPR.
  • Brief management on the GDPR risks and benefits.
  • Gain management support for a GDPR compliance project.
  • Assign a director with accountability for the GDPR.
  • Incorporate data protection risk into the corporate risk management and internal control framework.

 

We recommend

EU GDPR – A Pocket Guide

This concise guide is essential reading for anyone wanting an overview of the GDPR and the new compliance obligations for handling personal data.

Learn more and buy >>

 

2. Scope and plan your project

To do

  • Appoint and train a project manager, and appoint a DPO if necessary.
  • Identify which entities will be in scope: business units, territories, jurisdictions.
  • Identify your organization’s lead supervisory authority in the EU
  • Identify other standards or managements systems that could provide a framework for compliance, e.g. implementing ISO 27001 demonstrates information security best practice.
  • Assess the principle of data protection by design and by default against current or new processes and systems.

 

We recommend

EU GDPR – An Implementation and Compliance Guide

The updated second edition of this guide details the requirements of the Regulation and provides practical advice on implementing a compliance framework.

Learn more and buy >>

 

Certified EU General Data Protection Regulation (GDPR) Foundation and Practitioner Combination Online Course

Gain knowledge of the GDPR, and a practical understanding of the methods and tools for implementing and managing an effective compliance framework.

Learn more and buy >>

 

3. Conduct a data inventory and data flow audit

To do

  • Assess the categories of data held, where it comes from and the lawful basis for your processing.
  • Map data flows into, within and from your organisation.
  • Use the data map to identify the risks in your data processing activities and whether a data protection impact assessment (DPIA) is needed.

 

We recommend

Data Flow Mapping Tool and Compliance Manager

This Cloud-based software simplifies the process of creating data flow maps, giving you a thorough understanding of what personal data your organisation processes. Integration with Compliance Manager allows you to track your compliance with the GDPR articles.

Learn more and buy >>

GDPR data flow audit

Receive, through an on-site audit, an inventory of the types of personal data collected and processed in your organisation, and a data flow map.

Learn more and buy >>

 

4. Conduct a detailed gap analysis

To do

  • Audit your current compliance position against the GDPR’s requirements.
  • Identify compliance gaps requiring remediation.

 

We recommend

EU GDPR Compliance Gap Assessment Tool

This questionnaire-driven tool helps you assess your organisation’s compliance position and identify the gaps for remediation.

Learn more and buy >>

GDPR Gap Analysis

Get an onsite assessment of your organisation’s privacy management and data protection practices, and a report summarising compliance gaps and remediation recommendations.

Learn more and buy >>

 

5. Develop operational policies, procedures and processes

To do

  • Create Article 30 documentation – the record of personal data processing activities drawn from the data flow audit and gap analysis.
  • Bring data protection policies and privacy notices in line with the GDPR.
  • Where relying on consent, ensure quality of consent meets new requirements.
  • Review and update employee, customer and supplier contracts.
  • Plan how to recognise and handle data access requests and provide responses within a month.
  • Have in place a process for determining whether a DPIA is required.
  • Secure personal data through appropriate procedural and technical measures.
  • Ensure policies and procedures are in place to detect, report and investigate a personal data breach.
  • Review whether the mechanisms for data transfers outside the EU are compliant.

 

We recommend

EU GDPR Documentation Toolkit

A complete set of easy-to-use and customisable documentation templates, worksheets and policies to document compliance with the GDPR.

Learn more and buy >>

 

6. Communications

To do

  • GDPR compliance is a business change project – effective internal communications with stakeholders and staff is key.
  • Employees need to understand the importance of data protection and be trained on the basic principles of the GDPR and the procedures being implemented for compliance.

 

We recommend

GDPR Staff Awareness E-learning Course

This simple-to-use interactive modular e-learning programme for employees introduces the GDPR and the key compliance obligations for organisations.

Learn more and buy >>

 

7. Monitor and audit compliance

To do

  • Schedule regular audits of data processing activities and security controls.
  • Keep records of personal data processing up to date.
  • Undertake DPIAs where required.

 

Don’t forget – use the voucher code GDPR-SAVE15 at checkout to save 15% when you spend more than $300 on any of the products above*.



Speak to an adviser

Please contact our GDPR team for advice and guidance on our products and services

 

*Terms and conditions

  1. This voucher code is applicable from 12–30 June 2018 inclusive.
  2. This voucher code cannot be used in conjunction with any other voucher code or promotion.
  3. This voucher code can be used online or by phoning IT Governance and quoting ‘GDPR-SAVE15’.
  4. This voucher code can only be used on the specified products.
  5. This offer can be revoked at IT Governance’s discretion at any time.