The founding partners at Paratum Consulting and partner at KVALE lawfirm, Mr. Jens Christian Gjesti met as speakers at the same GDPR conference in Gjøvik earlier this year.
Mr. Gjesti shared many of the same thoughts with regards to GDPR and privacy matters as do we. A well defined plan, discover and manage your information, protect your data and make sure you can report on your GDPR compliance. He also had some clear thoughts on what not to do. Sharing the common interest in helping our customers in the most efficient way, we may say that we share a common platform.
We asked him to give us three easy steps that one should consider as they start on their journey towards GDPR compliance, and Jens Christian quickly replied;
1. Start by assessing what your situation is
You must identify and MAP how you process your personal identifiable information and why. To help you on your path, use the free tool here: (www.personverntesten.no). This tool gives you answers as to where you are in relation to the requirements in GDPR.
2. Quantity over quality
The "Datatilsynet" does not hand out prices or certificates for doing things right. In this regard, quantity is actually better than quality as long as you do what is necessary to meet the minimum requirements.
3. Don't procrastinate
Do something! rather than nothing. There will be some low hanging fruits such as privacy statements on your website, or a data processing agreement. Documenting or providing evidence that you are meeting requirements will substantially reduce risks.
Paratum Consulting does not offer judicial advice nor do we write data processing agreements or privacy statements on behalf of our customers - however, if you do not have legal representation already - we have just the right lawyer for you.
For the benefit of our customers we will continue to grow this relationship.