The upcoming GDPR (General Data Protection Regulation) will see the introduction of a new set of regulations relating to the storage and usage of personal data that organisations within the EU must adhere to. The deadline for compliance with GDPR is 25 May 2018.
Should You Be Concerned?
There can be little doubt that when you first start reading about GDPR, it can seem overwhelming. In reality, however, GDPR can be viewed as an extension of the existing Data Protection Act, which has been around for two decades. If you are already in compliance with it, you are well on the way to compliance with GDPR.
What Are The Main Changes?
GDPR is being implemented to regulate the way that companies obtain, store and process personal data. If you believe that this will affect you in any way, the sections below cover some of the key areas that you need to address.
No. 1 – Understanding Your Requirements
The key first step towards achieving GDPR compliance is gaining an understanding of how the new regulations will impact your business. Only by learning which processes your organisation must put in place will you be able to understand the areas it will impact. It is essential to take the required steps to ensure that all employees who collect and process personal information know about the GDPR and how it might affect their work.
No. 2 – Taking Responsibility
Having someone in place who can lead on data protection regulations within your business is important. They will be able to oversee how your data is handled and work towards GDPR compliance as you move forward.
Please Note – There is no reason to employ someone from outside of your organisation to do this job.
No. 3 – Putting The New Processes In Place
It is very likely that you will find new processes need to be put in place to ensure compliance. Below we have identified some of the key areas to focus on.
- Current Data Audit: You must work through everything to see how you currently collect and process data to ensure that it complies with GDPR regulations. If not, you must take steps to correct this. (You may find some issues arise around whether the correct consent has been obtained to collect or use data.)
- Making The Required Corrections: If you have not obtained the required consent to use or retain data, you must take steps to do so.
- Future-proofing Your Process: It is important to ensure that you identify an accurate and compliant way to collect and use data covered by GDPR.
- Ensure Transparency: It is important to ensure that you have everything documented so that should you receive any queries regarding the data you have stored (either from an individual or during an official audit), you can provide all of the relevant information.
Some Official Advice On GDPR Preparation
The good news is that the Information Commissioner’s Office, which will be regulating the GDPR in the UK, has produced a variety of documents designed to provide insight and information regarding all aspects of GDPR implementation.
To help guide you through the mountain of information, we have highlighted 3 of the documents that we believe help to shed some light on the key areas.