The coronavirus pandemic has led to a sudden and large shift towards online services. People are spending more time online and depending more on digital communication. Such heightened online activity can attract malign actors and increase the potential for cyber-attacks. Social distancing has transformed the way we connect, research and innovate at work. This is why Kitanovski & D2EM decided to establish GDPR-compliant processes within our organization. To help our educators in the post-coronavirus context, we hired CONTROL CERT GDPR experts to implement new digital competence guidelines that include practical steps, key actions, tips, and online resources.
CONTROL CERT took the initiative to provide the team members with a fundamental understanding of the GDPR, which makes them alert to the ramifications of data misuse. The session discussed the principles of the GDPR, roles and responsibilities, and also how these components can create value for the company and reduce the risk of non-compliance. The activity has led the participants to make more effective decisions regarding GDPR compliance in daily business procedures and operations, and to fulfil their individual responsibilities for the benefit of the organization and its customers. While implementing the system, we learned that under the GDPR you are required to document your processes and procedures for how you safeguard information on EU data subjects, and to evidence compliance with all elements of the GDPR.
Since there are many questions nowadays regarding the GDPR, we decided to share our experience of the 9 most important steps in implementing the GDPR:
Step 1: Prepare for your GDPR project
· Create a project plan to implement the GDPR.
· Include the right stakeholders in your GDPR project.
· Conduct a readiness assessment to find out what tasks you need to perform.
Step 2: Define your Personal Data Policy and other top-level documents.
Step 3: Create an inventory of processing activities.
Step 4: Define an approach to managing data subject rights.
Step 5: Implement a Data Protection Impact Assessment (DPIA).
Step 6: Secure personal data transfers.
Step 7: Amend third-party contracts.
Step 8: Ensure the security of personal and sensitive data.
Step 9: Define how to handle data breaches.
Depending on the results of the readiness assessment you performed at the beginning of your project, you might not need all the steps that are displayed here; however, if you have no privacy protection in place, it is likely that you will have to perform all the mentioned steps.
In any case, make sure you have implemented all the relevant steps – otherwise, you might have to pay some rather high fines for being non-compliant.