The GDPR deadline is fast approaching and so many organisations still have some work to do in order to be compliant with the new regulations. Recently the GDPR Coalition released the scenarios where GDPR is applicable to facilitate people identify how you and your company need to act.
The 25th of May of 2018 will mark the end of the transition period for the GDPR and will mark the full implementation of the new regulation.
How will the GDPR affect a Nigerian Company with foreign participation?
A Nigerian organization gathering and preparing individual information of EU occupants needs to comply to the regulation. To a great extent, multinational organizations, monetary administrations and internet business stages process huge individual information of information subjects spread over the globe including the EU
Check it out the scenarios below where the GDPR is applicable and where you need to be ready for the changes.
EU PARENT COMPANY
If your parent company is registered in the EU territory, it is possible that GDPR compliance may be coordinated at that level. If that is the case, you may be able to rely on parent company procedures.
PERSONAL DATA LOCALLY?
It is likely that local data will be held, which may not be captured by parent company processes. Examples might include HR/payroll, mobile phone contacts. The best option is to perform an audit of local data captured to ensure that it is processed in accordance with corporate procedures.
You might consider formally advising local suppliers of your potential need to audit their processes for GDPR compliance, particularly where local suppliers are a key part of the supply chain.
Training is required for everyone in the company, doesn’t matter the position, from the goods received clerk to the board of directors. Embedding GDPR principles in the company culture will be critical in achieving compliance. Therefore, while training is important, ‘tone from the top’ it is also critical.
When evaluating the results of a data audit, you should consider the status of archive documents which are held off-site. Particular consideration should be paid to documenting the control of such information when it is retrieved from the archive and re-introduced into the main body of company documentation.
TRADING WITH NON-EU COMPANIES
If you are trading with entities in a 3rd country which does not have an adequate data protection regime, the transfer of personal data may only take place via a legal transfer mechanism.
BE READY FOR THE GDPR – INVESTING IN TRAINING
At New Horizons Nigeria we offer a wide range of courses to lead you directly to the most important trends and news about the GDPR. Don’t wait until May, start your plan today and avoid the enormous GDPR fines.