Are you GDPR ready?

You will recall that in January we highlighted how employers needed to get ready for changes to data protection law that come into force on 25th May 2018.

In our previous update we provided you with some helpful links, and the Information Commissioner's website continues to provide updated guidance to help businesses.

Is your business ready? If not, don’t panic. It is better to start now rather than bury your head in the sand. Here are some tips for putting together a plan so you can ensure your business is ready for GDPR (General Data Protection Regulation).

  • Are those senior in the business aware of GDPR and the responsibilities and risks it places on the business? If not, they need to bring themselves up to speed promptly due to the risk of substantial fines and possible reputational damage if the business is found to be in breach of the GDPR.
  • Look at what personal data you hold: you may find there are different categories, e.g. customers, employees, contractors. What sort of data is it – just personal data or also special categories of data (more sensitive data such as medical information)? Do you need to be storing it?
  • You need to think about any contractors that deal with the personal data on your behalf, like payroll companies, and ensure they are compliant too.
  • Note the reasons you have this data and compare this to the lawful reasons that are available for using that personal data – can you rely on the lawful reasons for processing data?
  • Do you need consent for the purposes you are using the personal data for?
  • Are you storing the personal data securely and how long do you need to keep that data?
  • Do you have a Data Protection Policy which tells your business, your staff, how to deal with personal data?
  • Do you have Privacy Notices which inform the data subjects of why you need their personal data, together with any other information required under the GDPR?

The ICO have a more detailed 12-step guide which you can also refer to.

If you have further queries on GDPR, please contact us to see how we can help.