GDPR: the acronym your firm should be taking seriously

You’re sure to have heard of GDPR, but do you fully understand what you need to do and the serious implications of non-compliance?

The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018, and with just over three months to comply, this leaves a short space of time to evaluate how GDPR will impact your firm. The Financial Conduct Authority (FCA) and Information Commissioner’s Office (ICO) recently published a joint update on GDPR detailing the considerations that firms will need to address regarding the application of GDPR and also outlined the innovative measures they are taking to support firms.

As with all great challenges, the best approach to meet the requirements of GDPR is to break it down into manageable sections.

We suggest that you consider the following points in your approach:
  • Are you fully aware of what personal information you hold on clients, or ‘Data Subjects’, and where within your firm this information is held, maintained and managed?
  • Have you addressed how you are going to communicate your privacy policy to your external stakeholders? Has your privacy policy been reviewed to ensure it will be compliant under GDPR?
  • Have you considered your lawful basis for holding or processing the information that you have about individuals?
  • Are your consents up to date and GDPR compliant? For example, do they include an explicit opt-in where required, and are you recording each consent received so that you can evidence it later?
  • Do you use third parties to process information on your behalf? If so, have you considered the Data Controller and Data Processor requirements under GDPR?
  • What is your firm's policy for reacting to a data breach? Will this policy meet the new data breach reporting deadlines set under GDPR (notification to the supervisory authority within 72 hours of becoming aware of a breach)? Is everyone throughout the firm aware of the data breach policy?
  • Is your firm required to have a Data Protection Officer? If not, have you designated responsibility for data protection to a named individual within the firm?
It is important you have a plan of action. If you're unsure about the answers to any of the questions above, please contact Chris Beveridge. We would welcome the opportunity to meet and help you successfully prepare for GDPR.