GDPR Compliance: 10 Steps for Global Companies

The European Union's (EU) General Data Protection Regulation (GDPR) will take effect in member states on May 25 and will bring with it substantial new compliance requirements and potentially large fines. Organizations should begin to evaluate their processes for handling employee and client personal data. These 10 steps will be helpful in ensuring compliance:

1. Conduct data mapping and gap analysis.
2. Consider whether a Data Protection Officer is needed.
3. Identify lawful bases for processing.
4. Amend data protection language in contracts for EU employees.
5. Review/draft privacy policies and privacy notice.
6. Review/draft addendum for third-party contracts.
7. Ensure safeguards are in place for transfer of data out of the European Economic Area (EEA).
8. Ensure IT systems are compatible with data subject rights.
9. Arrange training for all staff.
10. Maintain records of processing activities.


Post By Nix (1,198 Posts)