There’s one year to go before the new GDPR rules come into force.
Do you know what effect they will have & how you will need to change your business processes to ensure compliance?
Here’s our 10-step plan of action to meet GDPR:
- Awareness: Are senior leaders in your business aware of the new regulations & when they come into force? Everyone should be made aware that the law is changing & that this will likely have a big impact on the data you hold & the systems that process it.
- Information: Assess the existing data you hold, know where it came from & who you share it with.
- Communication: Update your privacy policies in line with the new regulations – people must be made aware of what your legal basis is for processing their data.
- Personal rights: Review your processes to ensure they cover individuals’ rights – know how you would delete their data or supply the data in a common electronic format if requested. Understand how you would deal with any access requests.
- Understand the legal basis: Ensure you can explain the legal basis for processing personal data.
- Consent: Review how all data is obtained, how you are gaining consent & whether that consent meets the GDPR standard.
- Age-related consent: Understand how you are going to verify a person’s age & gain parental or guardian consent if required.
- Security: Make sure you have robust procedures in place to detect, report & investigate any personal data breaches, as breaches that put individuals at risk will need to be reported to the ICO.
- Data protection: Check the ICO guidance on Privacy Impact Assessments (called Data Protection Impact Assessments under GDPR) and how you can implement these.
- Responsibility: Some organisations will be required to designate a data protection officer to take on responsibility for data protection compliance. Whether you are required to or not, it’s a good idea to have someone responsible for implementing GDPR so that one person takes charge of ensuring the requirements are met.