It is very important that you keep your GDPR compliance up to date: review your policies and procedures, train your staff, and complete your due diligence on your suppliers and other third parties. Completing an annual review is a vital part of your overall GDPR regime. Failure to complete reviews and updates may leave you at risk if you suffer a data breach or other GDPR issue. If you can demonstrate that you have taken your responsibilities seriously, the consequences of any breach will be much less severe.
The exact schedule depends on your company, but we recommend that you, at a minimum:
- Review your Privacy Policy quarterly
- Complete a Data Discovery exercise at least once per year
- Audit your contracts every 6 months
- Train all staff on GDPR annually and train all new staff as part of their induction
- Conduct MONTHLY spot checks to look for obvious misdemeanours - files lying around, data where it shouldn’t be, staff unaware of GDPR requirements
- Review policies and procedures at least annually
This list is just a suggestion. You need to consider the nature of your operation and your level of risk, but do not neglect this!
Call us anytime to discuss.
Good luck all.