In this episode we explore the basic policies and procedures that you need to have in place to comply with the General Data Protection Regulation (GDPR). I am joined in the exploration by Jonathan Armstrong, a partner at Cordery Compliance in London. GDPR compliance mandates some specific policies and procedures that Jonathan Armstrong and the team at Cordery Compliance in London suggest that you put in place at this time for the GDPR go-live date of May 25, 2018.

Armstrong believes there are two key policies to begin your process with going forward. The first should be an internal document you send to all employees which reiterates the basics of data protection which are the simply tactics of being aware, deleting suspicious emails and not opening unknown attachments or attachments from indeterminate sources. This first policy should also inform all employees on their basic duties in response to GDPR. This first communication should be companywide, and you should take steps to make sure that it is communicated throughout the organization with a sufficient level of importance.

Armstrong suggests a second policy which will be much more focused on GDPR compliance so there will also need to be robust procedures created to implement the specific requirements of GDPR. You will need policies on and procedures around the new rights created under GDPR.

As May 25 nears, you need to put these policies and procedures in place. Your training should also commence as well. I hope you continue to join Jonathan Armstrong and myself as we provide a Countdown to GDPR. For a fuller explanation of policies and procedures, visit the Cordery GDPR Navigator, which provides a wealth of information to utilize in your data privacy compliance program. Finally, Jonathan Armstrong will be in Houston on April 10, 2018 to put on a 3-hour workshop on GDPR. The event will be held at the South Texas College of Law, from 9-12 AM. You can find out more information on the event and register by going to the site.