How do I make sure my business is GDPR compliant?

Date: 13th March 2018
Author: Tom Perkins

With the deadline for complying with the new GDPR - General Data Protection Regulation – coming up quickly, businesses are now rushing to check whether or not they are compliant. The new EU law will come into force on 25 May 2018 and will change the way companies are able to store, secure and manage personal data.

GDPR replaces the current Data Protection Act and means all EU countries will be following the same data regulations going forward. So how can you make sure your business is GDPR compliant? The Information Commissioner’s Office (ICO) has created a number of guides and checklists for companies on its website to make it really easy to check out how the GDPR will affect your business and what you need to be doing right now to ensure compliance, including a 12-step checklist which we have recreated here for you:

1. Raise awareness

Is everyone in your company aware of the changes which are coming? Does everyone who deals with data know and understand what GDPR is and the impact it will have?

2. Audit your data

Check what personal data your business is holding currently and understand where it came from and how you use it, so that you can answer any questions later.

3. Privacy review

Have a look at all of your privacy policies and statements and make sure they fit in with the new GDPR regulatory requirements. You will need to update them.

4. Rights and processes

Make sure you have processes in place to meet the new individual rights including the ability to delete someone’s data if requested.

5. Data requests

Make sure you have procedures in place to deal with someone’s request to access their personal data and for you to provide that information to them.

6. Personal data processing

Check out all of the personal data processing which you undertake and make sure you have a legal reason for doing so, which is all thoroughly documented.

7. Consent review

Review your processes for seeking consent and make sure they are updated.

8. Age verification

Make sure you have a way to check someone’s age, and/or seek parental consent for using their data.

9. Personal data breaches

Does your company have a system in place for reporting and handling a personal data breach? If not, you need one.

10. Privacy Impact Assessments

Check out the ICO website for information on Privacy Impact Assessments and understand how and when you might need to use one.

11. Data Protection Officer

Check on the ICO website if your business needs to have a Data Protection Officer in place and if so, appoint one.

12. Data Protection Authority

If your business works internationally you need to check which authority you will come under for data protection purposes.

This 12-step checklist from the ICO highlights the key areas which all businesses need to check to make sure they are compliant with GDPR in time for the May deadline and gives a step-by-step approach to help you get there.

If you need any help with ensuring your IT systems and data storage are all compliant then please do get in touch and talk with one of our experts.

< Back to all Blog posts

Book a free IT health check today

If you're unsure of your IT requirements, or how to upgrade your existing system, book in for a free IT health check. We'll assess all of your systems and plans and come up with a solution for your individual IT needs.