GDPR replaces the current Data Protection Act and means all EU countries will be following the same data regulations going forward. So how can you make sure your business is GDPR compliant? The Information Commissioner’s Office (ICO) has created a number of guides and checklists for companies on its website to make it really easy to check out how the GDPR will affect your business and what you need to be doing right now to ensure compliance, including a 12-step checklist which we have recreated here for you:
1. Is everyone in your company aware of the changes which are coming? Does everyone who deals with data know and understand what GDPR is and the impact it will have?
2. Check what personal data your business currently holds, and understand where it came from and how you use it, so that you can answer any questions later.
3. Have a look at all of your privacy policies and statements and make sure they fit in with the new GDPR regulatory requirements. You will need to update them.
4. Make sure you have processes in place to meet the new individual rights, including the ability to delete someone’s data if requested.
5. Make sure you have procedures in place to deal with someone’s request to access their personal data and to provide that information to them.
6. Check all of the personal data processing which you undertake, make sure you have a legal reason for doing so, and document that reason thoroughly.
7. Review your processes for seeking consent and make sure they are updated.
8. Make sure you have a way to check someone’s age and/or seek parental consent for using their data.
9. Does your company have a system in place for reporting and handling a personal data breach? If not, you need one.
10. Check the ICO website for information on Privacy Impact Assessments and understand how and when you might need to use one.
11. Check on the ICO website whether your business needs to have a Data Protection Officer in place and, if so, appoint one.
12. If your business works internationally, you need to check which authority you will come under for data protection purposes.
This 12-step checklist from the ICO highlights the key areas which all businesses need to check to make sure they are compliant with GDPR in time for the May deadline and gives a step-by-step approach to help you get there.
If you need any help with ensuring your IT systems and data storage are all compliant then please do get in touch and talk with one of our experts.
If you're unsure of your IT requirements, or how to upgrade your existing system, book in for a free IT health check. We'll assess all of your systems and plans and come up with a solution for your individual IT needs.