So, the ICO admits that the full set of GDPR documentation is still not available and
may not be until after January 2018. This makes a difficult situation even more
difficult. So what can you do to start your prep now? Here is a 10 point plan:
1. Visit the ICO GDPR website and read through the 12 point plan. This has
lots of information on how to prepare.
2. Read more articles from OptIndigo – there is loads of useful
information and free GDPR advice.
3. Establish the legal basis for collecting and processing data – this is a
fundamental requirement and affects everything else.
4. Check any website / form / script that you use to collect personal data.
This can be anything so be careful! Watch out for basic pages like ‘Sign-up
for our newsletter’ – even this now has to be GDPR compliant.
5. Update your privacy policy document – this will take some time but is
very important too.
6. Do your data analysis. Look at ALL your data to ensure collection,
processing and storage meet all GDPR requirements. Look at your retention
policies and conduct a complete audit. Check everything and check
everywhere. Delete anything you can’t justify storing. Watch out for
random hard drives lying around!
7. Check your company records, staff details, customer details, anything
with personal data.
8. Start talking to your suppliers about GDPR – make sure they have plans in
place. Under GDPR you have to be sure you are only using legitimate
suppliers.
9. Start talking to your customers about GDPR – most will have no idea what
you are talking about! Start the conversations early.
10. You need to make sure all your data is GDPR compliant. Use the GDPR data migration tools available from OptIndigo
to start this process now. This could take a while – don’t lose your customer database.
Sounds like a lot to do – that’s because it is!
Feel free to call us anytime to discuss your plans and ask for our free templates.
Good luck all.