If you haven’t already done so, now is the time for your organisation to complete a data protection audit and put a plan in place to ensure compliance.
To become compliant, you’ll need to know what personal data you have and where you keep it. You’ll need to be able to show how your organisation uses personal data, why you have it, and who has access to it, as well as your processes for gaining consent, the right to be forgotten and data breach notifications.
Starting point: the questions you need to ask in preparation for the GDPR deadline
Legal: Do you have a lawful reason to process personal data?
Informed: Are the people whose personal data you hold aware that you have it, and why? Do they understand their rights? Have you reviewed your privacy notices where you collect personal data?
Transparent: Is the way in which you acquire consent concise and easy to understand?
Reasonable: Why are you processing personal data? Is the purpose specific, legitimate and explicit?
Necessary: Is all the personal data you hold relevant and necessary?
Current: Is all the personal data you hold accurate and up to date?
Time limited: If you hold data in a format that allows personal identification, is any of that data being kept for longer than necessary?
Secure: Where do you store personal data? Is the data secure and protected against theft, loss and damage?
Controlled: Do you have a named data controller with responsibility for demonstrating compliance?
If you don’t feel you’re up to speed yet, now is the time to take action! There is still time to book a place on one of our GDPR courses.