[vc_row][vc_column][vc_column_text]As May 25th approaches every company in the EU is struggling to be GDPR compliant before the due date, specially the start ups. Here are some things you should take into consideration to adapt your start up to be GDPR compliant.
Keep your data inside the EU
One of the biggest requirements of the GDPR is that personal information stays within the EU. If you are storing personal data on residents of the EU or non residents that are doing business with you then your servers must be located in Europe. For international data transfers, there are also new rules to protect the users that must be taken into consideration.
What are you storing?
One big issue here is the type of data that you are intending to store and process. From now on the data that you intend to store and process needs to be absolutely necessary for the functioning and services your company is trying to provide. This takes after the principle of Data Minimization. Also you will need to give people the option to opt-out and or change their information.
Ask for consent
The new rules state that is mandatory that any company working with any kind of user data and sharing it with a service provider have to place an opt-in checkbox for users before they submit their information.
It’s all about the processes
The main aim of the GDPR is that companies put into place a set of processes establishing how they handle the personal data they get from their users. This means that companies need to state:
- How they get their information
- Measures to ensure that the information was given willingly
- Where and how is the information stored/processed
- What are they using the personal data for
- Until when they keep the information
- How and when they delete the personal information that is no longer needed for the business.
What can Lexidy do for me?
At Lexidy we can asses your company situation regarding GDPR and help you establish the processes you need to be compliant with the GDPR. Contact us and get a free consultation.