Five Ways GDPR Will Immediately Impact The Business of Your Association
Over time, associations have created all sorts of data and that data has been processed, communicated and stored over all sorts of hardware, networks and technology infrastructure. With GDPR on the horizon, the following five points indentify new processes and strategies that need to be in place prior to May 25, 2018.
- Any breach will need to be disclosed. Data controllers that experience a breach of personal data privacy will need to report it almost immediately and may also have to notify individuals affected.
- Erasure becomes a universal right. Sometimes known under its previous, expanded iteration as “the right to be forgotten”, this allows individuals to request personal data related to them is deleted.
- Consent needs to be explicit. Citizens will be able to ask tough questions about what is happening with data held on them. This applies to “data controllers” (organizations collecting personal data, for example a retailer, researcher or public-sector agency) and “data processors” (the outfits that process the data on behalf of data controllers, for example cloud service providers).
- Systems and internal processes will need to be retooled. Organizations will need to show that they have built in privacy to workflows and processes – for example by scrambling identity information as it is input to a system – in an approach sometimes known as Privacy by Design.
- You will need a go-to person. Specifically, organizations of significant size will need to appoint a specialist Data Protection Officer (DPO) who monitors internal compliance. Depending on the size and type of the organization, this person could be a part-time consultant.
Think of GDPR as a spring cleaning even if it has been a long time since you last examined your data assets. Every organization needs a full audit which will help prepare for the GDPR and empower their staff with valuable knowledge.
And from Impexium…We’re here to help. At Impexium, we started to think about how GDPR would be measured and tested in early 2017. Since then, we’ve been working on becoming GDPR ready. And today, our industry-leading Association Management Solution (AMS) powers the association industry’s most forward-thinking and innovative organizations. We look forward to working together to make your organization’s GDPR journey a successful one.