Business owners are being encouraged to plan and prepare for data compliance now in light of the new General Data Protection Regulation (GDPR) as we begin to count down to the ratification of the Regulation into UK law.
We will take a look at how businesses should be preparing themselves for the changes coming. I offer some advice to business owners who are not certain of the GDPR implications for their business in relation to the journey of becoming compliant.
The changes in data protection due to be introduced into the UK will be the biggest change in data protection law and privacy laws in some time. Coming into force on 25 May 2018, the regulation is the completion of four years of debate within the European Union (EU).
So, what practical steps should your business and staff be taking now as you work towards developing a data protection compliance plan?
- Review and document all of your relevant policies for GDPR compliance. This will include all of your privacy policies and notices, your current data protection policy, your data sharing policy and the information security policy that covers your cyber security.
- It is important that the GDPR is one of the key topics on your Board's agenda and that adequate resources, time and budget are allocated to your GDPR compliance programme.
- Carefully review and document the methods, procedures and processes you use to collect consent from data subjects and the systems you use to store that information.
- Ensure you develop processes and procedures to manage data breaches and are able to notify the ICO of any major breaches within 72 hours.
- Develop and deliver a GDPR training programme for all your employees.
- Review your existing contracts, including employee and third-party contracts, and make any necessary amendments.
- Ensure that all personal data is processed in well-structured, secure and searchable databases so that you can handle data subject access requests quickly and efficiently.
- Appoint a Data Protection Officer, who should be senior enough to sit at Board level. If you choose not to do so, then ensure you have an individual within your organisation who is given the responsibility and accountability to deal with data protection, data protection issues and the relationship with the ICO.
- If for any reason you deal with the transfer of data outside the EU, then ensure you have the relevant arrangements in place to ensure you are GDPR compliant.
- Schedule regular reviews to ensure that you are on track with your GDPR compliance plan and beyond.