How to get ready for GDPR?


Only until 25 May 2018 will you have time to implement GDPR in your firm. Use this time wisely to avoid heavy fines. And time is scarce. Plan the next steps carefully to make sure you have enough time to take all necessary actions.

1.    Increase awareness in your firm that changes are on the horizon

Make sure that decision makers understand what the coming changes involve and what are the consequences of non-compliance with GDPR. Organize a training for heads of departments in your firm. Make them aware that the obligation to implement GDPR concerns everyone dealing daily with personal data.
2.    Analyse processes which involve personal data processing
This is the right time to carry out audit of policies, define processes which involve personal data processing in the firm, meet and talk with team leaders.

3.    Verify on what legal basis you collect and process personal data.

Meet the persons who supervise the collection of respective categories of data. Pay a visit to HR, Marketing, Sales and IT director.  Determine jointly what is the objective of collecting personal data, where are the data stored and who can access them.
Double check:
•    What kind of data does your firm process?
•    Are the collected data updated?  
•    What is the time of data retention?
•    Does your firm collect any excess data which in fact are of no use in view of business objectives?
•    How  the rights of individuals are addressed?
•    What activities involving personal data processing will the firm undertake in the future (new processes, new IT systems)?

4.    Check if you have procedures to enforce the rights of individuals?

Update or create a procedure for enforcing the right to access data, right to amend and delete data, right to refuse automatic decision making processes and profiling and the right to transfer data.

5.    Procure documentary evidence for processes involving personal data processing. 

 This is the time to draw up policies, procedures and authorizations. The quantity of data your firm is processing will be reflected in number of processes which you will have to develop at this stage.  

6.    Carry out data protection impact assessment, if required. 

Determine legal, organizational and IT measures that will reduce risk of breaches of personal data protection. Consult experts in this field, take notice of the supervisory authority’s guidelines.

7.    Review data entrustment agreements in terms of their compliance with GDPR, amend them, if needed.

Check if the services your firm is providing require new entrustment agreements to be drafted. If so, make sure they will be signed.

8.    Check if IT systems comply with GDPR requirements.

Carry out appropriate penetration tests, make sure that data stored in IT systems comply with the data protection requirements by design and by default settings.

9.    When you finish, begin anew…

Remember that preparing for GDPR is a never-ending process. Now, you have to make sure that any new data will be stored in line with principles introduced by GDPR.

It is worth paying special attention to the preparation of your firm for GDPR. At stake is even a EUR 20 million fine for non-compliance with new regulations.  


Download pdf version of this Newsletter here.

Subscribe our newsletter

If you want to be up-to-date, subscribe our newsletter!

Contract Administration

City Business Center 5 Karadžicova 16
821 08 Bratislava
✆: +421 901 911 197

Contract Administration
Sp. z o.o.

ul. Hrubieszowska 2
01-209 Warszawa
✆: +48 22 295 3200

Contract Administration

Masarykova 34/413
602 00 Brno
✆: +420 542 425 824

Contract Administration
Sp. z o.o.

ul. Strzegomska 142A
54-429 Wrocław
✆: +48 71 733 1300

Contract Administration
Sp. z o.o.

ul. Smoleńsk 18/1
31-112 Kraków
✆: +48 12 334 9100

Contract Administration
Sp. z o.o.

ul. Nawrot 114
90-029 Łódź
✆: +48 42 671 8560

Contract Administration

U Garáží 1611/1 Praha 7 Holešovice
✆: +420 221 111 611




Warszawa, Wrocław, Kraków, Łódź

Czech Republic

Brno, Prague

Choices pertaining to cookies on this website

Contract Administration Sp. z o.o. may use the cookies to store login information, collect data for the purposes of optimising website operation, and provide advertisements tailored to your interests. Choose, in the manner described below, whether this website may use functional or advertising cookies

zamknij This website uses cookies to provide services in line with Cookies policy. You can define terms and conditions of storing or accessing cookies in your browser.