Are you GDPR ready? With the new data protection legislation looming, you must be prepared for the impact that this could have on your company if the legislation isn’t taken seriously.
We’ve read so many articles about the GDPR over the last 12 months, but recently we came across one via the Information Commissioner’s Office (ICO) which we feel is a good overview for the ways in which you can get prepared for the legislation changes coming into effect on the 25th May 2018, without the time and expense of attending an external course.
Here’s an overview of the 12 important steps that you can take now to prepare you for this. The full document can be found here:
Step 1 – Awareness
It is imperative that all key decision makers within your company are made aware of the change in legislation that is coming into effect in May. They need to be aware of the impact this may have on your company.
Step 2 – Personal data you hold
For any personal data that you hold, it is recommended that a full audit is carried out in order to find out what information you have, where it came from and who you are currently sharing it with.
Step 3 – Communicating your privacy policies
Take a look at your current privacy policies and review the content. You will need to make any changes in time for the GDPR coming into effect.
Step 4 – Individuals’ rights
Make sure your procedures cover how any personal data may be deleted and how data will be provided electronically. All rights that individuals may have need to be covered fully.
Step 5 – Subject access requests
Any procedures need to be updated and you should plan how you are going to respond to any requests within the new timescales, providing any additional information where necessary.
Step 6 – Lawful basis for processing personal data
Step 7 – Consent
Existing consents need to be refreshed now if they don’t meet the new GDPR criteria. Check whether your current way of seeking, recording and managing consents needs to be modified.
Step 8 – Children
The GDPR will introduce special protection for any personal data relating to children. Now it’s time for you to consider whether you need to implement systems to verify the ages of individuals, or to obtain consent from a parent/guardian with regards to any data processing activity.
Step 9 – Data breaches
You must make sure you have the correct procedures in place to detect, report on and investigate a data breach, should one arise.
Step 10 – Data protection by design and data protection impact assessments
The ICO has information on Privacy Impact Assessments to help you implement them within your company, and on when to do so. It is good practice to take on a privacy by design approach. The full document explaining this in more detail can be found on the ICO website.
Step 11 – Data protection officers
Within your company, you need to choose someone who will take responsibility for ensuring that your procedures match the new criteria for the GDPR. You should consider whether there is the need to formally designate a Data Protection Officer.
Step 12 – International
Does your company operate in more than one EU country where you carry out cross-border processing? If yes, you will need to find out your lead data protection supervisory authority. The full document, explaining how to do this, can be found on the ICO website.
We hope that this has given you some good points to get you prepared for the new legislation coming into effect. For further information on any of the above points, or more informational tools around GDPR, visit: www.ico.org.uk.
Is your website GDPR compliant?
We are currently advising our clients on how to make their data capture forms on their websites GDPR compliant. To help you, we are currently offering FREE website audits.
Is this of interest?