There’s one year to go before the new GDPR rules come into force.

Do you know what effect they will have & how you will need to change your business processes to ensure compliance?

Here’s our 10 step plan of action to meet GDPR:

1. Awareness: Are senior leaders in your business aware of the new regulations & when they come into force? Everyone should be made aware that the law is changing & that this will likely have a big impact on the data you hold & your processing systems.
2. Information: Assess the existing data you hold, know where it came from & who you share it with.
3. Communication: Update your privacy policies in line with the new regulations – people must be made aware of your legal basis for processing their data.
4. Personal rights: Review your processes to ensure they cover individuals’ rights – know how you would delete their data or supply it in a common electronic format if requested. Understand how you would deal with any access requests.
5. Understand the legal basis: Ensure you can explain the legal basis for processing personal data.
6. Consent: Review how all data is obtained, how you are gaining consent & whether it meets GDPR requirements.
7. Age related consent: Understand how you are going to verify a person’s age & gain parental or guardian consent if required.
8. Security: Make sure you have robust procedures in place to detect, report & investigate any data breaches, as breaches will need to be reported to the ICO.
9. Data protection: Check the ICO guidance on Privacy Impact Assessments and how you can implement them.
10. Responsibility: Some organisations will be required to designate a data protection officer to take on responsibility for data compliance. Whether you are required to or not, it’s a good idea to have someone responsible for implementing GDPR so that one person takes charge of ensuring the requirements are met.
