12 Tips To Prepare Your Business For GDPR
With GDPR just around the corner, it’s becoming a popular topic of conversation among many businesses. Organisations that do not comply with the new law will face fines of up to €20 million (approx. £18 million) and potential damage to their reputation. In this blog post we give you 12 simple tips on how to prepare your business for the GDPR.
- Awareness – all members of your organisation should be aware of the changing law on how personal data is held, and key people should understand the role they play in ensuring the organisation is prepared.
- Document Your Information – you should document the personal data your business holds as an audit, including where it came from and who you share it with.
- Privacy Documents – you should review your organisation’s current privacy documents and update them in accordance with the GDPR.
- Individuals’ Rights – you should ensure that your documentation covers individuals’ rights, and that you are able to provide data electronically or delete it if an individual requests it.
- Request Timescales – you should ensure that you are able to provide requested information within a dedicated timescale and have plans in place for doing so.
- Lawful Basis for Processing Personal Data – you should identify the lawful basis for your processing activity in the GDPR and update your privacy documents explaining it.
- Consent – you should review how you ask for consent when taking personal information, including how you collect and store data. The GDPR states that any digital communications should be opted into.
- Children – you should review whether you need to ask for individuals’ ages, and therefore whether you need to ask for parental or guardian consent.
- Data Breaches – you should review your procedures for preventing, detecting and acting on personal data breaches.
- ICO’s Privacy Assessments – you should familiarise your organisation’s key people with the ICO’s code of practice on privacy impact assessments, along with the Article 29 Working Party guidance, then implement them.
- Data Protection Officers – you should elect one member of staff to be responsible for data protection and compliance or consider whether you formally need to assign a data protection officer.
- International – if your organisation operates in several EU member states, you should determine your lead data protection supervisory authority.