Well after what felt like a long time coming, it’s now nearly a month since GDPR was
enforced. In case you’ve slept your way through the months leading up to 25th May 2018, in essence the new GDPR legislation requires business to review their data protection practices, as well as company policies, handbooks and employment contracts to ensure compliance with the new legislation.
Ask yourself what data is being collected, how it is collected, and why? What is the legal basis for processing this data, where is it stored, who is it shared with? How is it kept secure and when is it deleted? This needs to be an ongoing thought process moving forwards.
The legislation also means that businesses could be subject to data subject access requests from individuals who have the right to access their personal data and you will have a four week window to respond. Do you have the right processes in place to be able to respond within this timeframe? If not, you really need to consider this as part of your GDPR compliance strategy.
So in a nutshell, what actions should you be taking if you’ve not already taken steps to put measures in place ?
Audit your employee data and delete anything that is no longer necessary for current and past employees;
Audit data collected through recruitment processes and again, delete anything that is no longer necessary;
Formulate a plan should a breach occur through cyber security as to how you will handle this and what steps will need to be taken;
Carry out staff training so individuals know what needs to change and more importantly, WHY it needs to change. Having a workforce who understand the new data protection obligations and potential risks is a key part to ensuring ongoing compliance.
Define your process for Data Subject Access requests
Get a data controller in place (if your business is large enough to require one)
If you are reading this feeling confident about the actions you’ve taken to ensure you are compliant with GDPR, that’s great!
If not, don’t worry there’s still time to do so. Not sure where to start? Get in touch with us through firstname.lastname@example.org and we can give you a helping hand in guiding you to ensure you are GDPR compliant.
Please note our blog posts contain general information and are intended as guidance only and should not be taken as an authoritative or current interpretation of the law. Please ensure that you obtain advice tailored to your individual situation before taking action. These posts apply to the UK only.