A new data privacy law, the General Data Protection Regulation (GDPR), comes into force in May 2018 overhauling current data protection legislation. Under the General Data Protection Regulation, data protection law will be significantly lightened and individuals’ rights to bring claims will be strengthened.
The new regulation will impact all business sectors; see our Summer Covernotes newsletter to read more about why all businesses need to be aware of GDPR or continue on to read our top twelve tips to help you get ready for one of the biggest changes in data regulation for many years
1. Make people aware
Ensure key people and decision makers are aware of the impact this is likely to have.
2. Document your information
Document the information you should hold, where it came from and how you used it. Create an information audit if you need to.
Communicate your privacy notices and update if necessary in readiness for the implementation of GDPR.
4. Check procedures
Check your procedures to cover the rights of individual’s data, including how you delete records and how you transmit data.
5. Make a plan
Plan who has access to data records and who has the ability to amend and update records when required. This ensures a transparent audit trail of who is using the data and for what purpose.
6. Confirm the legal basis
Confirm the legal basis you have for using the data you hold and document it.
7. Review ways of obtaining data
Review the way you obtain data with particular regards to obtaining and recording consent to use it from the individual.
8. Verify your data
Plan how you verify ages of individuals when data gathering to ensure if dealing with minors, parental/guardian consent is obtained and recorded.
9. Be prepared for data breaches
Ensure you have procedures in place to detect, investigate, and report a personal data breach.
Use the guidance of Privacy Impact Assessments to understand how to implement them within your business.
11. Be responsible
Designate a Data Protection Officer, if necessary. This must be a responsible person as the role should sit within your company governance arrangements.
12. Be aware of international data regulations
If you deal internationally, you will need to determine which data protection supervisory authority you come under.
Our advice to businesses is act now – ensure you are ready to comply with GDPR when it comes into force in 2018. Make sure to check back with our website in the following months to keep updated on the matter or get in touch with our team.