
GDPR Advice. GDPR is for life, not just for…

Tagged with gdpr, ico, data, free, freeadvice, gdprtemplate, easygdpr, gdprfree
by Adam Brogden
in Blog

19-Mar-2018 10:10

The rush to GDPR has undoubtedly started with a huge focus on 25th of May. It is likely that many companies starting now will not actually be compliant on time, but hopefully their attempts will help them avoid issues and avoid enforcement action. Even those that are able to claim compliance by 25th May will never be able to claim they have completed GDPR.

GDPR should be considered part of your business, right alongside Marketing, HR, and the IT team – GDPR needs to be at the top table in your management structure and considered in everything you do. Some GDPR requirements are simple and similar to DPA. Here is a list of the sort of things you need to consider:

1. GDPR Review – the production of your GDPR documentation is just the start. These documents need regular review. You need to ensure you understand which you need to review and when. You also need to consider where changes in your company need to be reflected in your documentation. Your change management process needs to include a GDPR assessment review.

2. Subject Access Requests – this is an easy one. GDPR is very clear about the importance of SARs and the processes you need to have in place. Having an effective SAR process is vital.

3. Breach Management – the ability to identify that a breach has happened, assess the impact, and notify the ICO and the people affected is another obvious requirement. Having an effective breach process in place relies on you understanding what data you have and where/how you store it. This rather makes management of your data and processes key to on-going compliance.

4. Supplier due diligence is now key – you need to confirm that, where necessary, your suppliers are compliant but also that they remain compliant. Regular supplier, partner and customer review is key to this. Some companies, such as Affiliate Marketers, can have complex data relationships – ensuring on-going compliance and being able to demonstrate due diligence is vitally important. It is likely that any ICO investigation will start with the question, ‘Show us your contracts’. Don’t risk enforcement action – evidence of due diligence is vital.

5. Staff training is key to GDPR safety; breaches are often caused by human error. The regulator won’t be sympathetic – their view is that a breach is caused by lack of training or poor management. A breach of a few records can result in huge fines if the regulator decides that the breach was the result of an organisational failing. Don’t take the risk!

6. Make GDPR part of everything you do. This sounds obvious but is probably the most important thing you can do. Staff training, documentation, change management and supplier management – make GDPR part of your company DNA.

This is just a short list to demonstrate the point that GDPR is not just about 25th of May. Due diligence and making GDPR a part of the organisation DNA is vital.

Good luck all!