GDPR has become law – what should you do next?

The recent serious data breach involving 1.2 million personal records of Dixons Carphone customers is another reminder to organisations that they shouldn't take GDPR lightly. Failure to comply with the new data protection law can result in a fine of up to €20 million or four percent of annual global turnover, whichever is greater.

Are you staying on top of GDPR compliance?

To ensure your organisation continues to be compliant after the GDPR deadline, consider the areas below.
  • Do you process or store large amounts of personal data, whether for employees, individuals external to the organisation, or both? If yes, have you appointed a Data Protection Officer (DPO) who is responsible for overseeing data protection strategy and implementation to ensure compliance with the GDPR?
  • If your organisation falls outside of the scope to have a mandatory DPO, have you appointed a data compliance officer?
  • Are you fully aware of what personal information you hold and where within your organisation this information is maintained and managed?
  • Have you communicated your data privacy procedures to your external stakeholders? Has your privacy policy been reviewed to ensure this is compliant under GDPR?
  • Have you identified your lawful basis for each type of processing you carry out? Have you determined that basis before processing begins, and are you documenting it?
  • Where consent is your lawful basis, have your contacts given it explicitly? For example, have they opted in to receive communications? Have you made it easy for people to manage their mailing preferences? Are you recording each opt-in (when it was given and what it covered) so that you can demonstrate it later?
  • Do you use third parties to process information on your behalf? If so, have you considered the data controller and data processor requirements under GDPR, including the written contract that must be in place with each processor?
  • What is your organisation's policy for responding to a data breach? Will that policy let you meet the breach reporting deadlines set under GDPR (notification to the supervisory authority within 72 hours of becoming aware of the breach)? Is everyone throughout the organisation aware of the data breach policy?

Ensure GDPR compliance

Complying with the GDPR is no small job. Your organisation needs to stay on top of GDPR compliance, or it risks a regulatory breach and a potentially large financial penalty. When the GDPR came into force on 25 May 2018, that was not the end of an organisation's responsibility towards data protection: the data protection journey really began on that date.

We can help ensure you are compliant with GDPR requirements and, more importantly, can work with you using our compliance monitoring plans to ensure continued GDPR compliance after 25 May 2018. Please contact Chris Beveridge if you need assistance with the new data protection rules or would like guidance on staying compliant. We would welcome the opportunity to meet and help you successfully navigate the new world of data protection.