• Assess, what part of data protection actually depends on you

• Think, what can you improve and what can you suggest

• Consult and take initiative to reconcile data protection and business

Up to this point, you probably thought of what data you process, what assets do you use and considered any doubtful cases. Write them down, as these might be good questions to ask inside your firm.

You also thought of your roles and responsibilities and what data could be excessive in relation to them. As you now have more clear vision on what data are under your control, now think of what influence do you have: to what extent you are you able to decide how to process data, what assets to use, where to store it and what safeguards to apply.

Your actual control is also the core of your responsibility. This is where you do not just follow instructions from your employer, but have some margin of appreciation to make your job more efficient. You need to assess whether that freedom is good or bad for you and for data protection level.

And the answer is not always clear. Usually, clear instructions and solutions are good, as the data protection system needs to be coherent and coordinated. But a good system is also decentralized, where staff members like you have their say on what solutions secure data, but not impede business and daily work. For instance, requirements to encrypt each single file or remember too many complex passwords might encourage you to bypass them and as a result, not apply the safeguard at all.

I want you to consult such issues and take initiative. Be honest and admit both issues with security and issues which security itself causes for business. Report any changes to assets or new processing operations you plan to start. GDPR applies in design phase, before you start to process data. And this is really efficient, as adjusting a new solution is easier than changing an existing one.

Next: GDPR staff training 11/17 – how do you approach data protection right now?

Table of contents:

GDPR staff training 1/17 – preview

GDPR staff training 2/17 – how do you approach data protection right now?

GDPR staff training 3/17 – why protect data at all?

GDPR staff training 4/17 – what are personal data?

GDPR staff training 5/17 – what is personal data processing?

GDPR staff training 6/17 – who processes personal data?

GDPR staff training 7/17 – how personal data should be processed?

GDPR staff training 8/17 – what are your roles & responsibilities?

GDPR staff training 9/17 – why the need to know principle is so important?

GDPR staff training 10/17 – what difference can you make?

GDPR staff training 11/17 – how do you approach data protection right now?

GDPR staff training 12/17 – why provide information on data processing?

GDPR staff training 13/17 – what is the sense of consents to data processing?

GDPR staff training 14/17 – what to include in and how to apply contracts?

GDPR staff training 15/17 – what to include in & how to apply contracts?

GDPR staff training 16/17 – how to handle data subject requests?

GDPR staff training 17/17 – wrap-up

Self-implement GDPR in 16 steps:

Complete data protection system – A-Z course & templates