Easy GDPR in 10 Steps

by Adam Brogden
in Blog

17-Dec-2018 12:20

So you want to get your GDPR compliance done as quickly and easily as possible. Here are 10 steps to getting there!

  1. You need a plan. Use the ICO's 12-step plan to help you understand the key stages and the order to tackle them in.

  2. Complete a GDPR audit. Work out where you need to make changes.

  3. Check your website. Do you have a Privacy Policy? Is your site clear about what people are signing up to?

  4. Is your IT secure? GDPR (Article 32) asks for "appropriate technical and organisational measures", so do you have up-to-date anti-virus, firewalls, patching and security policies in place? A good place to start is a cyber security review, or take a look at Cyber Essentials: it covers the basics and gives you something you can point to as evidence.

  5. Review your customer database. Could you prove that you have a lawful basis for holding and using every record? Don't try to bluff this: you need to be sure, and you need to be able to show it. If you can't, you might just need to delete that data.

  6. You need policies and procedures. GDPR requires you to be able to respond to those dreaded Subject Access Requests, and to handle requests for deletion, rectification, and transfer (data portability), normally within one month. These are relatively simple processes, but you really do need to have worked out in advance how you would find the data, check who is asking, and respond in time.

  7. Look at your suppliers and other third parties, and at your contracts, especially with anyone you share data with. Anyone processing personal data on your behalf needs a written contract that covers GDPR (Article 28), and you need to be satisfied that they are actually compliant, not just that they say they are. This is a vitally important requirement. If you transfer data outside the EU this requirement gets a whole lot more complicated!

  8. Do you have employees? They have the same rights under GDPR as your customers, and they need their own privacy notice explaining what data you hold on them and why. Don't forget this step. This might just come back and bite you.

  9. Training – so, back to employees. You need to make sure you have trained your staff and that you can prove you have done this (keep a record of who was trained, on what, and when). Training on GDPR and cyber security is very important. If someone makes a mistake, you need to be able to show that you did provide appropriate training.

  10. All the other stuff! Document storage, shredding, use of USB pen drives, staff using their own phones, locked cupboards, CCTV. All the basic physical and everyday things you need to keep data safe. Have you got a Data Retention and Erasure policy that says how long you keep each kind of data and how you get rid of it?

These 10 steps cover the very basics. For more information, create a free account on Optindigo, where you can download all sorts of information, plans, templates, and blogs for free.

Good luck all.