A six-step action plan for EU GDPR consent mastering
Why GDPR is relevant to all of us
All EU citizens, as data subjects, have a vested interest in industry getting GDPR compliance right because it can impact our trust in the organisations who hold and process our most personal information. If you are a Data Controller or Data Processor the journey to GDPR compliance must seem like an arduous and difficult venture that it is almost impossible to begin. The financial and reputational costs of getting it wrong are well known, and the clock is ticking, so this blog posts provides some ideas on what to do first.
The most important letter in GDPR is the D – it is all about the data and an individual’s consent to hold and use that data. The ability to capture, manage and disseminate consent will differentiate your GDPR compliance initiative from other regulatory obligations and enable you to find a focused place to get started on the first stage – information gathering (or discovery).
The process of doing this is what we call consent mastering – creating a single source of truth about an individual; the data you hold on them; their consent to use it and, crucially, your ability to keep that data current. We believe that a multi-faceted approach to GDPR is necessary and that it should be undertaken within a holistic data management strategy for your organisation.
This paper highlights the following six steps:
- Know what information you hold on Data Subjects
- Understand the legal basis for processing personal data
- Think about whether you have consent to hold and use this data
- Consider how you will deal with the data of minors
- Figure out how to uphold the rights of individuals
- Agree how to process access requests from Data Subjects
Key actions you should undertake to help you meet your GDPR obligations
How Entity can help you with GDPR compliance
The journey to GDPR compliance may seem daunting, even with an action plan like this. Perhaps you would like some help on the first step or a check-point along the way? Entity Group focuses on all things data. If you find this six-step action plan helpful we can also provide you with some signposts for the next steps in your journey, such as data strategy, data governance and implementation, and advice on some useful items to help you along the way.
Contact us for more information on:
- Entity Group’s ‘crossing the data delta’ model for information management
- Our GDPR specific data
- Advice on which technologies can support different stages of the process of compliance
- Overviews and training for your colleagues and stakeholders on GDPR and its potential impact