Get Free Downloads
Start your GDPR today in just a few clicks
Get Free Downloads
Start your GDPR today in just a few clicks

Not Ready For GDPR?

Tagged with gdpr, ico, data, free, freeadvice, gdprtemplate, easygdpr, gdprfree,
by Adam Brogden
in Blog

16-Apr-2018 10:13

I have seen many reports suggesting that the level of compliance on the 25th of May will be as low as 15%. This is an almost irrelevant figure. Given that there is little in the way of detailed implementation advice and no actual measure of what it means to be compliant, it will be up to you to be able to convince the regulator that you have taken on board your responsibilities and made a reasonable attempt to meet the GDPR requirements.

The ICO state that, ‘The accountability principle in Article 5(2) requires you to demonstrate that you comply with the principles and states explicitly that this is your responsibility.’ So there is one thing for sure, it is up to you to ensure you comply with GDPR. No excuses, no blaming the consultant, complaining about the documentation, or saying you were too busy.

So, on the assumption you are reading this because you think you are not going to be ready in time. Here is a suggested approach that might just help. This approach aims to help you respond to when ICO knock on the door [figuratively, its more likely to be a phone call or email]. This is a risk-managed approach – not so much reducing the risk of a breach more aimed at reducing the risk of ICO enforcement action. For example:

1. Produce a GDPR Strategy document – get buy-in from the senior management and add it to your board meeting agenda / action plans / things to do list. Use this to demonstrate your commitment to GDPR.

2. Decide and document whether you need a DPO and/or external support to help – this is an important decision and although funding might be an issue the lack of cash is never going to work as an excuse.

3. Document a plan – list the key steps [the ICO 12 step plan is not a bad start] and identify the people or companies responsible. This needs to be a real plan because you might just need to demonstrate that you have made progress.

4. Sign-up for a GDPR compliance service like Optindigo - other compliance products are available – and get access to everything you need and demonstrate that you are making progress.

5. Look at your business processes and data to help you understand what data you collect and how you process – this will help you identify where to start. This will help you identify your biggest risk areas. You can find templates for this on the ICO site and we provide these in each document pack. Lawful basis and rights of the data subjects with be considered Here.

6. Once you have this you should develop your Data Retention policy – this is a relatively simple document but will help you understand system changes required and look good if ICO need evidence of you taking this Seriously.

7. Plan and commission website and system changes - these can take time so it’s important you start this activity as soon as possible. PIAs are easy to do and useful to demonstrate that you have considered the risk associated with your systems but not always necessary.

8. Once you get to this point, you are making progress so now is a good time to look at the data you have and decide whether you have the right to process this data. Don’t panic and just delete it all! You need to look at PECR and make sure you have appropriate permission if you plan to market to this data in the future. It’s good to do this early in case you decide to start a re-optin process as this could take some time.

9. Suppliers, partners and SaaS next – you need to be sure that your contracts are GDPR compliant and that you have completed appropriate due- diligence. You might find that your suppliers are way behind and you need to carefully consider whether you need to find a different supplier!

10. Next knock off some off the easier policies…. SAR, Breach, BYOD, Clear Desk processes etc…. These are easy to do and will add to your overall compliance progress score.

11. At this point you are in good shape. Clearly lots to do but you are in better shape for if ICO were to knock on your door. Don’t slow down – the responsibility is always yours.

If you get really desperate you should talk to us at Optindigo – we can help get your documentation done fast. Expecting a visit and not ready – call us!

Good luck all!