How Asia-Pacific Businesses Must Prepare For The Impact of the GDPR

How Businesses Must Prepare For The Impact of the GDPR in Asia-Pacific

It is essential for firms to understand the scope and complexity of their business activities first and have a good understanding of their internal processes in order to comply with the GDPR. Compliance with existing data protection laws of their own countries is likely to provide a good starting point.

Here are some typical steps that will help Asian firms prepare:

  • A clear data mapping of the types of personal data gathered and processed, whether as a controller or a processor
  • A gap analysis to assist in understanding what additional processes might need to be put in place, extending beyond compliance with regulation
  • An assessment of the existing IT infrastructure and cybersecurity arrangements to determine if there are any gaps (with a credible, time-bound plan to resolve them)
  • Issuing relevant privacy notices to all the different types of data subjects and obtaining consent where appropriate
  • Establishing contractual obligations with outsourced processors
  • Training all staff to ensure they understand their respective roles and responsibilities regarding data protection
  • Keeping evidential, auditable records
  • Having adequate processes in place to identify, analyze and report any data breaches
  • Appointing an European Economic Area representative as the liaison with EU supervisory authorities and data subjects, where applicable

Read More: Latha Balakrishnan - Duff & Phelps | Brink News