Get Free Downloads
Start your GDPR today in just a few clicks
Get Free Downloads
Start your GDPR today in just a few clicks

GDPR Advice. How to do GDPR

Tagged with gdpr, ico, data, free, freeadvice, gdprtemplate, easygdpr, gdprfree,
by Adam Brogden
in Blog

21-Mar-2018 10:03

There is no doubt that GDPR is complex, complicated, and confusing. Unless you have a background in Data Protection, Business Analysis, Data Definition, IT, and/or have an MBA then GDPR looks very difficult.

Here at TextGoto we have a pretty down to earth approach. GDPR is not about completing 40 documents or reading EU Articles and recitals, GDPR is about you and your business. It’s about understanding what you do, the data you use, safeguarding that data, and having good processes in place to respond to customer requests.

Our approach is based on understanding what our clients do – in their language. Our workshops are interactive, dynamic, and [almost] enjoyable. Using normal language and expressing GDPR concepts in ways that relate directly to the business. We probably don’t mention Article 6 or Recital 23 at all !! Here is a breakdown of how this works….

1. Get a couple of big white-boards, tea, biscuits, and give yourself lots of time.

2. Take the time to do introductions – make sure we know who does what, their background and role in this process. Nominate someone to drive the process or you risk stalling at the first tricky question. Your GDPR person would be a good candidate.

3. Understand what the business does, products and services, customers, suppliers – do this at a high level

4. Draw out an organisation chart – any format will do [MBA not required]

5. Map out standard business functions: HR, IT, Operations, Marketing, Finance etc….pretty much every company does these thins even if they call it something different.

6. Then go through each of these in turn describing what happens and breaking the process into smaller sections.You might start with ‘Recruitment’ – you need to break this into smaller sections to understand what this means.

7.For each section then look at the data collected/stored/processed, systems used [including forms, paper docs etc..], suppliers and third parties, and customers. This is not that difficult when you get started….

8. The GDPR person should be able to ask tricky questions, delve into the process to identify any issues or identify areas where further work is required.

9. This will give you a big white-board full of data and really kick start your process!

10. Keep it light – this is a team effort. Identify issues but don’t dwell, there is plenty to do and you’ll definitely revisit this in the future.

11. Play nice!

This approach will give you the input to the other documents / tasks required. You’ll be surprised how much more you can do if you get this far.

We find this works well for us by using,this approach is cost effective and definitely ensures your teams are involved and engaged.

Let me know if you have tried other approaches and how you got on.

Good luck all….