GDPR: the acronym your organisation should be taking seriously

You’re sure to have heard of GDPR, but do you fully understand what you need to do and the serious implications of non-compliance?

The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018, and with just over three months to compliance this leaves a short space of time to evaluate how GDPR will impact your organisation.

However, as with all great challenges, the best approach to dealing with GDPR is to break it down into manageable sections.

Consider the following top areas:

  • Are you fully aware of what personal information you hold, and where within your organisation this information is maintained and managed?
  • Have you addressed how you are going to communicate privacy to your external stakeholders? Has your privacy policy been reviewed to ensure it will be compliant under GDPR?
  • Have you considered your lawful basis for processing the information you hold?
  • Are your consents up to date and GDPR compliant, for example, do they include explicit opt-in where required? Are you recording the consents obtained so that you have a record of them?
  • Do you use third parties to process information on your behalf? If so, have you considered the data controller and data processor requirements under GDPR?
  • What is your organisation's policy for reacting to a data breach? Will this policy be able to meet the new data breach reporting deadlines set under GDPR? Is everyone throughout the organisation aware of the data breach policy?
  • Is your organisation required to have a data protection officer? If not, have you designated responsibility for data protection to an individual within the organisation?

It is important that you have a plan of action. If you're unsure about the answers to any of the questions above, please contact Chris Beveridge. We would welcome the opportunity to meet and help you successfully prepare for GDPR.