
Holidays Are No Excuse

by Adam Brogden
in Blog

16-May-2019 11:26

In my experience the ICO are pretty fierce and don’t accept any excuse for data protection failures. Excuses such as, ‘that person was on holiday’, ‘I didn’t understand the rules’, and ‘we didn’t think it applied to us’, won’t save you from enforcement action and fines.

This is a big problem since GDPR is pretty complex and after all we are all human. So what’s the best way to avoid GDPR fines? Evidence, evidence and more evidence. You must make sure that you document everything. Keep a log of any GDPR action you have taken and decisions you have made. Here are a few examples for you:

  1. If you rely on consent as your lawful basis for marketing, you need to be able to show how, where, and when you collected that consent for EVERY number/email address in your lists.

  2. If you decide you don’t need a DPO you must record this decision and rationale in your GDPR documents.

  3. You should complete a data discovery. This records the list of data you process, where you got it, who you share it with, and how you keep it safe. This is a time-consuming process but definitely worth the effort.

  4. Record ALL SARs, Breaches, or Complaints plus ALL action you have taken to resolve the issue and, more importantly, record the steps you have taken to avoid this in the future.

  5. Make sure you have completed all your documentation, and make sure you review this regularly and keep it up to date, especially your Privacy policy.

  6. Train your staff and make sure you keep records of their training. This is vital!

This evidence might just save your life if you experience a GDPR issue. Don’t neglect this; as I said, the ICO are pretty fierce.

Good luck all.