You may be wondering what direction to take in your preparation and planning for compliance under the GDPR (General Data Protection Regulations) due to come into force on the 25th May 2018.
The Information Commissioner’s Office (ICO) has put together a checklist to help you on your GDPR journey. Answering ‘yes’ to every question does not guarantee compliance, but means you are heading in the right direction.
It may be a helpful guide to follow to enable you to formulate an action plan for your organisation.
- Do I have someone responsible for data protection in my organisation?
- Have I accessed as much information as possible to ensure I am well informed about the GDPR?
- Do I really need the information I hold about this individual and what is my legal basis for processing that data? g. consent, contract, legitimate aim…
- Do the people whose information I hold know that I have got it and do they understand what it will be used for?
- Am I satisfied that the information I hold is secure, whether it is on paper or on computer? Can I encrypt my e-mails? Can I enhance the security of my data?
- Am I sure the personal data I hold is accurate and up to date?
- Do I have a process to destroy/delete data as soon as I am no longer entitled to hold it?
- Is access to personal data limited to only those with a strict need to know?
- If I use CCTV, am I telling people I have it and am I ensuring I don’t intrude on people’s privacy with them?
- Have I trained my staff about the GDPR and their new responsibilities to protect data? Am I monitoring the implementation of policies and procedures?
- If I want to put staff details on my website, have I consulted them about this?
- If I am asked to pass on personal information, do I know how and when I am permitted to do so?
- Would I know what to do if an employee or customer asks me for a copy of the information I hold about them?
- Have I written policies on how I expect my staff to deal with data protection issues, such as a data retention policy?
- Do I need to register with the Information Commissioner?
The ICO website contains many helpful links to information regarding data protection and the new regulations. See www.ico.org.uk. This link provides help for smaller businesses who are unsure how to get started with GDPR.
Have a look at our other GDPR blogs to help you prepare for the 25th May:
Please note: This article is a commentary on general principles and should not be interpreted as advice for your specific situation.