2_Strategy_document
What does my GDPR strategy document do?
Your company’s GDPR strategy document is designed to outline your commitment to observe
and comply with all aspects of the General Data Protection Regulation. Your strategy document
offers a high-level explanation of how your company plans to organise and implement your
compliance with GDPR and is a crucial tool to demonstrate to regulators that your company is
serious about GDPR.
Although it isn’t a mandatory aspect of GDPR compliance, you will most likely find it incredibly
beneficial to complete this document. After completion, you should then review this strategy
document at least every six months and amend as necessary, to ensure your company is
delivering continued and adequate GDPR compliance.
Instructions
Read and fill in the template below, inserting your company’s particulars where prompted, and
keep the completed template in a safe place.
Introduction
The General Data Protection Regulation (GDPR) is a new legal framework set up by the
European Union in April 2016 to build upon existing data protection legislation. GDPR came
into effect on 25th May 2018, and has introduced a range of fresh guidelines spelling out the
rights of consumers and dictating how companies can store and share information.
As a hugely significant change to the global business landscape, it is critical that [COMPANY
NAME] embraces all aspects of GDPR to maintain full compliance.
That is why [COMPANY NAME] is a firm advocate of GDPR and its many implications. These
include among many other aspects:
As part of our commitment to GDPR and the rights of our customers and clients, [COMPANY
NAME] vows to ensure our organisation considers and actions all necessary changes
surrounding data processing, data storage and the disposal of personal data.
[COMPANY NAME]’s strategic values and responsibilities
We vow to demonstrate full responsibility and dutiful respect as a keeper of
customer, client and employee data.
We totally support GDPR and its requirements, and will do everything within our
power to appropriately resource and fund any changes we must enforce to ensure
[COMPANY NAME] can meet its obligations.
We promise to maintain ownership and transparency concerning data protection and
privacy across all elements of our company.
We pledge to create and maintain a purposeful data processing inventory
documenting all data operations, including collection, processing and storage.
We guarantee to extend every possible show of support to individuals intent on
exercising their rights as outlined under GDPR legislation.
We will conduct a regular review to assess the legality and purpose for the collection,
processing and storage of personal data.
We vow to act upon identified gaps and develop robust processes to maintain full
GDPR compliance.
We promise to clearly communicate the business purpose and legal grounds for any
transfer of data – including transfer outside of the European Union.
We will contact all partner organisations, contractors or other third parties to identify
their own GDPR commitments, establish relevant contract terms and solidify GDPR
compliance controls.