On 25 May 2018, the GDPR will apply to all businesses that handle personal data on an EU citizen, and organisations that collect, process or store personal data should be taking steps to ensure they can achieve compliance.

Whether you run a business, school, charity, community group etc., the chances are good that GDPR is already on your radar. During workshops, briefing events and conversations over the last few months, however, we have discovered that not everyone is at the same stage of preparation, and for many there is still a ‘burying of heads in the sand’ mentality.

The General Data Protection Regulation, or GDPR for short, is the biggest change to data protection law for a generation and the risks of non-compliance could have significant consequences for businesses.

The first few steps to compliance with the EU General Data Protection Regulation (GDPR) can be the most confusing.

You might be thinking:

  • Where do I start?
  • Who needs to be involved?
  • How do we go about identifying all of our obligations?
  • How will we prove that we meet all of the regulation’s requirements?

It is important that organisations have a good understanding of their GDPR obligations, fully appreciate the scope of their GDPR duties, and have a clear understanding of how personal data is collected and processed.

To assist you in your compliance journey, we have put together a free readiness checklist of the key areas and compliance challenges that every organisation could be faced with. We have also broken this down into critical and recommended steps. Visit our website to download your free guide today.

GDPR compliance can prove challenging for organisations that haven’t examined their processes before, that work with large volumes of personal information, or that rely on data held in a variety of formats. Our guide can help you begin to understand your obligations.

Although preparing for the new rules may seem like a daunting task, it doesn’t have to be if you break the project down into smaller chunks. As well as our free readiness guide, here are some additional ways you can prepare.

1. Review why you collect, process and store personal data. The GDPR requires accountability and transparency: organisations need to give individuals more information explaining how their data is being used, who it is shared with and how long it will be retained. You can only do this if you understand why you collected the information in the first place.

2. Once you know why you collect it, review whether you are collecting too much information. Ask whether you have a good reason for collecting each piece of information.

3. Update privacy notices – there is more information required by the GDPR.

4. Treat online identifiers, such as cookies and IP addresses, as personal data.

5. Review and amend consents.

6. All staff should be trained on the new data rights under GDPR and should be made aware of all the key changes (e.g. see our blog relating to the Right of Access).

7. Review how long you need to keep data for, how you store it and how secure it is. Ask whether you are holding onto personal data for longer than you need to.

8. Do you work with third party organisations, and do you have contracts in place with them? Review and amend all your contracts to make sure that they also comply with the new GDPR requirements.

9. Contact any suppliers or organisations who process personal data on your behalf, especially those outside of Europe, as there are additional requirements.

10. Keeping records is an important part of the GDPR: it demonstrates how you are preparing, shows accountability and provides evidence of compliance.

Even though some of the finer details of GDPR are still unfolding, taking action on the above should help you start preparations and fill any gaps.

If you need further support or information, please visit our ‘services’ pages to see how else we can help you become GDPR compliant.

For further information, contact us here.