12 March 2018

GDPR: Time is running out – are you ready?

With less than three months to go, time is running out for organisations to prepare themselves to be compliant with the EU GDPR

With less than three months to go, time is running out for organisations to prepare themselves to be compliant with the EU General Data Protection Regulation (GDPR). The new regulations will come into force on 25 May 2018.

Your organisation must not ignore GDPR. Failure to comply could result not only in significant fines, but could also put you at a distinct commercial disadvantage to your competitors and cost you valuable business relationships. However, there are significant benefits to be had from understanding and managing your customer data better and from ensuring that your suppliers and partners are protecting the personal data you share with them properly.

Compliance will require you to consider a number of issues. Here is a brief summary of the main issues to consider:

  • Have you clearly documented the legal basis for processing personal data? If you cannot do this then you probably should not be processing the data in the first place!
  • If “consent” is the basis you are using, are your consents to hold data up-to-date and GDPR-compliant, for example, do details include explicit opt-in where required? Are you recording the consents obtained so you have a record of these? Do you have a process in place to allow consent to be withdrawn as easily as it was given?
  • Are you fully aware of what personal information you hold and where within your organisation this information is maintained, managed and updated?
  • Is your organisation ready to respond to data subjects exercising their new rights under GDPR? Rights such as the right to be forgotten and data portability need to be considered, and processes developed to enable your staff to respond appropriately.
  • What is your organisation's policy for reacting to a data breach? Will this policy be able to meet the new data breach reporting deadlines set under GDPR? Are all employees aware of the data breach policy throughout the organisation?
  • Is your organisation required to have a data protection officer? If not, have you designated responsibility for data protection to an individual within the organisation?
  • Have you addressed how you are going to communicate privacy to your external stakeholders? Has your privacy policy been reviewed to ensure this is going to be compliant under GDPR?

If you are unsure about the answers to the above questions or would like further information on how we help clients comply with GDPR, please contact Doug Trainer.
