The 12 Steps of GDPR.
Are you GDPR-ready?
The General Data Protection Regulation (GDPR) can be a tricky topic to get your head around, but it is vital for your organisation to understand and prepare for any necessary changes ahead of its implementation on 25th May 2018. (This date is not affected by the UK's decision to leave the EU.)
What is GDPR and should I care? That's the question that everyone, including our clients, CRM Managers and Directors, has been asking at our monthly roundtable discussions. So we've put together a quick and handy tool to help you understand where you and your organisation stand in relation to GDPR compliance and what the next steps are.
You and your organisation should be aware of the changes brought about by GDPR and the actions that must be taken to comply ahead of 25th May 2018.
All personal data held by your organisation should be documented, including who has access to it and where it was sourced.
Your organisation should put a plan in place for any changes to be made to privacy notices ahead of GDPR implementation.
Your organisation should be aware of and understand the rights of the individual set out by GDPR, and should check its procedures for how personal data is stored, deleted and otherwise handled.
You will need to update your procedures and plan how you will handle requests from individuals within the new timescales, and how you will provide any additional information.
All processing of personal data must have a lawful basis, so be sure to identify, explain and document it.
Your methods of seeking, recording and managing consent should be reviewed and, where they do not meet the GDPR standard, changed. Existing consent should also be reviewed.
You must work out whether processing children's data will need a parent or guardian's consent. You must also be able to verify the child's age.
All measures taken must minimise the likelihood of a data breach while upholding the protection of personal data, and any breach that does occur must be reported and investigated accordingly.
Data Protection by Design
You should familiarise yourself now with the ICO's code of practice on Privacy Impact Assessments, as well as the latest guidance from the Article 29 Working Party, and work out how and when to implement them.
Data Protection Officers
Consider whether you should have a data protection officer. If you do need one, they must take responsibility for data protection compliance, and you should assess where this role will sit within your organisation's structure and governance arrangements.
If your organisation operates in more than one EU member state (i.e. you carry out cross-border processing), you should determine your lead data protection supervisory authority.