March 2018 Newsletter - GDPR

GENERAL DATA PROTECTION REGULATION

A lot has been written lately about forthcoming changes to data protection legislation - the introduction of the General Data Protection Regulation (GDPR), which replaces the current UK Data Protection Act 1998. Much of what has been written has been somewhat scary - articles foretelling doom if organisations don't get everything sorted before the introduction of the new legislation on 25th May 2018. At first glance, the tasks required to become GDPR compliant can seem overwhelming, but if a methodical approach is taken, it is easily achievable. Whilst it is true that all organisations need to be thinking about GDPR, there is still plenty of time to get things organised.

We've put together our ten top tips for the steps you might wish to consider undertaking:

  • Ensure key staff and volunteers are aware of the changes to data protection legislation.
  • Create an audit of the personal data held by your organisation, where it came from and with whom you share it.
  • Check that your current 'privacy notices' are updated to reflect the introduction of GDPR.
  • Check your procedures with regard to the rights that individuals have concerning the data you hold on them, and how you would delete that data or provide it to them on request.
  • Ensure your procedures for meeting 'subject access requests' (where people wish to see the data you hold on them) are revised and up to date.
  • Ensure that you have proper 'lawful basis' for processing personal data in line with the new legislation.
  • Review how you seek, record and manage consent to hold personal data and review existing consents if they do not meet GDPR standards.
  • Consider if you need to put systems in place to verify individuals' ages and to obtain parental or guardian consent for any data processing activity.
  • Check that you have the right procedures in place to detect, report and investigate a personal data breach.
  • Ensure that someone in your organisation is charged with responsibility for data protection compliance and that they have the authority to drive the required changes through your organisation.

We are currently working with a range of clients to ensure they are GDPR compliant; if you would like to have a no-obligation conversation about GDPR and the possible changes your organisation may need to make, please get in touch either by telephone on 07711 764994 or email: peter@pstoneconsulting.co.uk.
