General Data Protection Regulation (GDPR)
Continuing our new-year theme of ad hoc topics, we thought a look at the General Data Protection Regulation (GDPR) was well worthwhile, as it will affect all businesses.
You have probably been inundated with emails and newsletters on GDPR, and it is not for us to advise directly on its many ramifications. But from our own experience we can suggest some helpful steps to think about. Here are some key points:
Preparation and Compliance – are critical. Ensure buy-in from key people in your organisation, starting with commitment from the top.
Awareness – ensure staff are fully aware of, and trained in, the data protection requirements for your organisation. Breaching the regulations can have serious consequences.
Responsibility – the purpose for which personal data is used must be crystal clear at the point of collection, and be aware that the person to whom it relates (the data subject) has a right to know what is happening with their data.
Comprehension – of the data you hold is vital: every category of personal data held needs to be documented, including where it came from and whom it is shared with. Review your contracts with any third-party processors to ensure they are GDPR-ready.
Accountability – is also important, ensuring that best practice is actually implemented. Complying with the GDPR requirements is a complex task, and the appointment of a Data Protection Officer may be necessary; for some organisations (public authorities, and those whose core activities involve large-scale monitoring of individuals or large-scale processing of special categories of data) it is mandatory.
Consider – all aspects, such as privacy notices; data breach handling procedures (notifiable breaches must be reported to the supervisory authority within 72 hours of your becoming aware of them, so the procedure needs to be in place before an incident, not after); security; and retention policies.
Implement – mechanisms such as spot checks or audits to monitor compliance with your data protection policies.
Document – all of the above processes, so that you can demonstrate them in an organised and effective manner if required. Think about ongoing projects which could need a Data Protection Impact Assessment (DPIA), and continue monitoring the whole process.
Security – take continual, appropriate steps to address security weaknesses and cyber risks. Check, for example, that firewalls are properly configured and running current software; that unique passwords are used for each system and account; that software updates are applied regularly; and that all portable devices (laptops, phones, USB media) are encrypted, since a lost device holding only properly encrypted data is a far smaller breach than one holding data in the clear.
GDPR compliance is not just for Christmas, as they say – it will be an ongoing and permanent journey. The regulation applies from 25 May 2018, so it is critical to gain full knowledge of, and then comply with, the new requirements before then, and seeking specialist advice in this particular area is almost certainly worthwhile.
19 January 2018