Personal data protection is an ongoing concern

Data protection compliance is not a project we complete and then put aside on a shelf. Quite the contrary, it is a journey that never really ends.

Personal data management is a concern that never ends

The General Data Protection Regulation (GDPR) is intended to improve and consolidate personal data protection practice. It applies to all organizations that collect and/or process the data of EU citizens.

If you are still neglecting this issue, trying to sweep all the problems under the carpet, you need to remember that fines for non-compliance are set quite high, and failure to abide by legislation may in extreme cases result in the company going out of business.

Five practical tips for ensuring compliance

Although the consequences of negligent action may be very unpleasant, the aim of this post is not to frighten you. We merely wish to give you a few useful tips on how to move closer to better data security compliance in the company and manage the data you collect efficiently.

#1 Don't panic

The GDPR is a pretty serious document, and it may be quite stressful for many companies to follow up on the legislation and its amendments and implement them in their daily operations. If you are overwhelmed by such challenges, start by breaking the project down into manageable units and handle them one at a time. However, it is important that you consider the project and the time you will invest in it as a major step towards higher data protection compliance. The reality is that this project will never be entirely completed, so do not even begin to think that you will ever be able to tick it off your to-do list.

#2 Make a risk assessment

Once you've taken a deeper look at personal data protection, it is advisable to assess your risks. This is how you will find the weak spots in your data protection system. The new coronavirus, which has forced many companies to ask workers to work from home, has shown that many companies are not accustomed to such work practices, either in terms of organization or of the infrastructure required to give employees quick access to the data they need while ensuring a suitable (confidential) level of data protection.

#3 Start with the highest risk

Once you've analyzed the situation with regard to personal data protection, you will have to roll up your sleeves and get to work. Set your priorities, but remember it is best to start where the risk is highest. If you are in the dark, you can always hire experts for whom personal data protection is their daily bread and butter.

#4 Understand your data and know why you collect it

A large part of understanding the GDPR is related to the question of why an organization collects data in the first place. Apart from that, you should also have complete control over what kind of data you collect, how it is stored, where and how it is shared, and what purpose it is used for. If you are unable to answer these questions, you're in for a long ride before your personal data protection operations achieve compliance.

#5 The importance of a formal control system

You have developed your internal process for achieving and maintaining personal data protection compliance. What you need now is a formalized system that allows you to control that process. The control system will give you an overview of why your organization collects data, how it stores it, and how it uses it. In this step it is helpful to use the services of an external Data Protection Officer (DPO), who can offer expert advice on the collection and processing of personal data, on the GDPR, and on compliance with both.

Practical tips for ensuring compliance

A serious and systematic approach is the only way to compliance

The subject matter covered by the GDPR is complex, wide-ranging, and subject to change. We should keep this in mind when planning our approach. Every enterprise that approaches compliance in personal data management in a serious and systematic manner will eventually reach a point where the risk of error is minimal and personal data security is high.

Finally, let me stress again that this road has no end. Protection of personal data is like brushing teeth – if you stop brushing, you risk running into serious (and painful) problems.

Want to know more? Contact us!

Alenka Fic Mikolič

Alenka Fic Mikolič is Mikrocop's Compliance and HR Management Expert who connects accounting, finance and controlling with the company's other key areas striving for the achievement of common goals. She is in charge of Mikrocop’s digital journey, from deploying new technologies to modifying the corporate culture and ensuring regulatory compliance.

Grega Vozel

Grega Vozel acts as the Personal Data Protection Officer (DPO) for Mikrocop and its business partners. In his work, he strives to ensure the highest ethical and legal standards. He does not accept compromises when it comes to the protection of personal data of customers and employees.