What Now? Steps CFOs Should Take After the GDPR Implementation
The General Data Protection Regulation (GDPR) of the European Union has set the newest standard in data management and privacy rights not just in Europe, but everywhere else in the world. Companies have now made their moves to comply with the EU’s directive and avoid the hefty fines. As the buzz with the GDPR dies down, it is important to think of the next steps that finance professionals and their teams should take as authorities continue to enhance financial services
Here are the things that should be included in your checklist of activities after the GDPR
1. Assess and evaluate your GDPR compliance.
The GDPR introduced a number of innovative measures relating to cybersecurity in accounting and finance. This includes numerous rights provided to the data owners, new regulations relating to the processing and management of data, and the new roles required by the EU in every organization. It is important to review the different areas of the GDPR in accounting and finance and find out which requirements have already been met and which measures are still for compliance.
2. Update records and send notices
After checking with your compliance to the GDPR in terms of your processes and structure, the next thing in your list should be to check your records and update them accordingly. Data owners now have the right to opt out of any database and request to do so should be processed accordingly. Also, data processors and managers should check that the personal data that they are collecting and retaining are necessary for their purpose. Other details that are unused should also be deleted.
3. Set up a process for managing data requests
The buzz created around the implementation of the GDPR has spread awareness of the data rights of individuals. As more people are becoming aware of how they can control the data that they share, you can expect more people to make requests in line with the GDPR.
People can now ask data managers and processors for a record of the information that they have collected from them, the means to access these information, the right to correct and/or update the information that have already been collected, withdraw or modify their consent, and even ask the organization to wipe out their personal information completely. Organizations must set-up processes on how to manage these requests and avoid fines that come with non-compliance to data requests.
4. Relevant staff training
The most important step to take before and after the GDPR implementation is to train your staff in performing their functions in line with the provisions of the directive. It important that your people are updated on their responsibilities as data handlers and how the GDPR can affect the execution of their roles. Together with updated processes, you can have an increased peace of mind with regard to your GDPR compliance.
The implementation of the EU’s GDPR is just the beginning of tighter measures in financial services cybersecurity. Complying with the GDPR measures as early and as rigorous as you can not only increase your financial services
Need additional help as you work on your GDPR compliance? Talk to D&V Philippines today and see how our globally-competitive finance and accounting professionals can help bring value to your financial and accounting processes. Download our Finance and Accounting Solutions for UK CFOs content offer below to find out more.