
12 Essential Steps To Become GDPR Compliant

In this article, we will discuss the General Data Protection Regulation and the compliance obligations it involves.

Data is quickly becoming companies' most valuable asset after cash. In fact, many social media companies that offer free services to their consumers are valued purely on the basis of the data they hold about their users. Data mining, compilation and analysis give companies excellent insight into consumers' minds: what they want, what they lack, and what pleases them.

So it is no surprise that data regulation has become a matter of importance to the legislative bodies of various countries, which want their businesses to be secure against cyber attacks that try to steal data from their servers. With this in mind, the GDPR, or General Data Protection Regulation, was introduced. It is important that an organisation follow the GDPR without fail; the regulation mainly aims at protecting and maintaining the data an organisation holds.

The regulation lays out a list of steps or guidelines that help businesses secure their data. Entrepreneurs who have just started their business must know the steps to be followed to become a GDPR-compliant organisation.

The General Data Protection Regulation is a compilation of 99 articles that give a complete explanation of the regulation. Since every organisation is different, it is not possible to provide an exact remedy that will guarantee your organisation's compliance.

The Information Commissioner's Office has released a document recommending 12 steps that should be taken to comply with GDPR. Let us take a look at these steps.

Steps To Become GDPR Compliant

The guidelines issued by the Information Commissioner's Office suggest 12 basic steps that all organisations can follow to ensure that they are GDPR compliant. Let us take a look at them.

Documenting The Data

Make sure you document all the personal data that you hold, and whom you share it with. An information audit has to be conducted to establish the level of security. Make a detailed list of all the data you possess, marking the source from which each item was taken. Separating the data into categories will make it easier to process.

All the data you hold has to be processed lawfully. The consent of all clients/customers has to be obtained before storing their data with you. Connect with all your clients/customers regarding the different types of communication you will be sending them.

Cookie Policy

According to GDPR, if a cookie can identify an individual, its use is considered processing of personal data. To comply with GDPR, your company's cookie policy needs to be adjusted accordingly.

Clients/customers should be given an opportunity to opt out, with a clear statement of what kinds of cookies are active on your website. This means that you will need to obtain the client's/customer's consent before the analytics tracking script starts running.
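The gating described above, as an added example that is not part of the original article: the analytics script is injected only after an explicit opt-in has been recorded, and both opt-in and opt-out decisions are stored so the banner is shown only to users who have not yet decided. The cookie name `cookie_consent`, its JSON layout and the script path `/js/analytics.js` are assumptions for the example, not values from the article.

```javascript
// Added example: gate the analytics tracking script behind a recorded cookie-consent
// decision. Assumed design (not from the article): the decision lives in a cookie
// named "cookie_consent" holding JSON such as {"analytics":true,"marketing":false,"ts":"..."}.

const CONSENT_COOKIE = 'cookie_consent'; // assumed cookie name

// Parse a document.cookie-style string ("a=1; b=2") into a name -> value map.
function parseCookies(cookieString) {
  const out = {};
  for (const part of String(cookieString || '').split(';')) {
    const idx = part.indexOf('=');
    if (idx === -1) continue;
    const name = part.slice(0, idx).trim();
    if (!name) continue;
    out[name] = decodeURIComponent(part.slice(idx + 1).trim());
  }
  return out;
}

// Return the stored decision, or null when the user has not decided yet.
// Malformed or unexpected cookie values are treated as "no consent recorded",
// so tampering can never turn into an accidental opt-in.
function readConsent(cookieString) {
  const raw = parseCookies(cookieString)[CONSENT_COOKIE];
  if (raw === undefined) return null;
  try {
    const parsed = JSON.parse(raw);
    if (typeof parsed !== 'object' || parsed === null) return null;
    return { analytics: parsed.analytics === true, marketing: parsed.marketing === true };
  } catch (e) {
    return null; // not valid JSON: behave as if no decision was made
  }
}

// Build the cookie string that records a decision (opt-out is recorded too).
// Only explicit `true` counts as consent; anything else is stored as false.
function consentCookieString(decision, maxAgeSeconds = 180 * 24 * 3600) {
  const value = encodeURIComponent(JSON.stringify({
    analytics: decision.analytics === true,
    marketing: decision.marketing === true,
    ts: new Date().toISOString(), // when the decision was taken
  }));
  return `${CONSENT_COOKIE}=${value}; Max-Age=${maxAgeSeconds}; Path=/; SameSite=Lax; Secure`;
}

// Inject the analytics script only if analytics consent was given.
// `injectScript` is a callback (in a browser: one that appends a <script> element)
// so the decision logic itself can run and be tested without a DOM.
function loadAnalyticsIfConsented(cookieString, injectScript) {
  const consent = readConsent(cookieString);
  if (consent && consent.analytics) {
    injectScript('/js/analytics.js'); // assumed path of the tracking script
    return true;
  }
  return false;
}

// Browser wiring: runs only where a DOM exists, so the file also loads under Node.
if (typeof document !== 'undefined') {
  const inject = (src) => {
    const s = document.createElement('script');
    s.src = src;
    s.async = true;
    document.head.appendChild(s);
  };
  if (readConsent(document.cookie) === null) {
    // No decision yet: the consent banner would be shown here. When the user
    // chooses, store the decision and re-evaluate:
    //   document.cookie = consentCookieString({ analytics: true });
    //   loadAnalyticsIfConsented(document.cookie, inject);
  } else {
    loadAnalyticsIfConsented(document.cookie, inject);
  }
}
```

The two points worth keeping from this design are that a missing, malformed or tampered cookie always evaluates to "no consent" rather than to an opt-in, and that the script tag is only ever created after that check, so the tracker never runs during the page load that shows the banner.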

Record Of Documents

Two different kinds of records have to be maintained to document the consent of clients/customers: one recording who gave consent and the other recording who did not.

Update The Procedures

Check your procedures to ensure that you can provide individuals with their personal data in a commonly used format, and that you can delete their data on request. Update your procedures so you can handle such requests within the required timescales (usually one month).

Consent Of Clients / Customers

Make sure that any client/customer data you store, including data that is useful to you, is stored with the client's/customer's consent. If you have not obtained their consent, you do not have the right to store such data.

Data Storage Time Duration

There is no specific limit on how long data can be stored; it should be stored for the shortest period possible. Once stored customer data has served its purpose, it should be deleted immediately. If it is not deleted, the customer should be informed that you are still in possession of their data.

Deletion Of Account

When an account is deleted, you must reach out to the individual and seek consent to continue storing their data. If they give consent you may keep their data; otherwise, you need to delete it.

Data Breach

Make sure you have procedures in place to detect, report, and investigate a personal data breach.

Data Protection Officer (DPO)

Designate someone to take responsibility for data protection compliance. Appoint a Data Protection Officer if you don't have one, and make sure to inform your users about it.

Data Retention

A data retention schedule has to be created in accordance with your data destruction policy, so that data which reaches its retention deadline is periodically destroyed.

Encryption Of Records

Make sure your company's desktops are encrypted. Check and maintain a record of the physical security of data held on media such as paper files and USB disks.

Rights Of The Clients / Customers

Under GDPR, clients/customers have the right to be informed, the right to erasure, the right to rectification, the right of access, the right to data portability, the right to restrict processing, the right to object, and rights related to automated decision making and profiling. So make sure your company complies with all these rights of the clients/customers.

It is obvious that business data is a critical asset and must be protected properly. Follow the above steps so that your organisation is considered GDPR compliant, which in turn secures users' trust when they share their personal data with you. The GDPR ensures the security of customers' information.

You can also hire a professional dedicated to GDPR compliance. If you have any other queries or need regulatory assistance, get in touch with us and our team of experts will help you with your needs.
