HOW TO BEGIN YOUR JOURNEY
Meeting GDPR calls for considerable investment in time, effort, cost and expertise. Businesses, due to various reasons, may find it restricting to meet specified guidelines. One way to solve for this is being part of a cloud ecosystem. SaaS providers already operating on a robust and secure model for data management yield a safe environment to manage and process your data.
- If your business uses software developed in-house, you need to ensure institution of processes that satisfy principles — Privacy by design and Right to be forgotten. Saas companies compliant with GDPR, by default satisfy these principles, and you can eliminate costs and effort for compliance by switching to SaaS. Being part of SaaS ecosystem also saves you the effort to tackle new compliance needs.
- For businesses using on-premise software, the GDPR does not ask for Privacy by design but is required to meet guidelines for secure storage and protection of personal data. Freshworks is Privacy by design ready and you can find details on our data hosting here.
Therefore, the first step towards compliance is to ask your vendors if they are GDPR compliant, and if they are not, Freshworks is here to help.
Meeting GDPR can be summarized into 4 stages:
- Identify personal data and where it resides: With GDPR around the corner, knowing what personal data you have and where you have it has become a necessity. Locate systems and create an inventory where personal data is collected and stored. Raise awareness about significance of the regulation among organizational leaders and seek executive support.
- Assess collection, storage and use of this personal data: Re-examine existing processes and policies against data protection requirements. Assess data protection mechanisms and privacy impact involved in processing of high-risk personal data. These assessments include planning and documenting mitigation measures to help control and minimize these risks.
- Implement policies and controls to prevent, detect and report data breach: Introduce privacy notices wherever personal data is collected. Have controls to limit use of data, to purposes for which it was collected. Implement appropriate security measures to detect, respond and report security breaches.
- Maintain up to date documentation on data processing and vendor contracts: Document and manage personal data from a central location. Consolidate and maintain up to date documentation to action data requests and report data breaches.