If you haven’t already done so, now is the time for your organisation to complete a data protection audit and put a plan in place to ensure compliance.
To become compliant, you’ll need to know what personal data you have and where you keep it. You’ll need to be able to show how your organisation uses personal data, why you have it, and who has access to it, as well as your processes for gaining consent, honouring the right to be forgotten and issuing data breach notifications.
Starting point: the questions you need to ask in preparation for the GDPR deadline
- Legal: Do you have a lawful reason to process personal data?
- Informed: Are the people whose personal data you hold aware that you have it, and why? Do they understand their rights? Have you reviewed your privacy notices where you collect personal data?
- Transparent: Is the way in which you acquire consent concise and easy to understand?
- Reasonable: Why are you processing personal data? Is the purpose specific, legitimate and explicit?
- Necessary: Is all the personal data you hold relevant and necessary?
- Current: Is all the personal data you hold accurate and up to date?
- Time limited: If you hold data in a format that allows personal identification, is any of that data being kept for longer than necessary?
- Secure: Where do you store personal data? Is the data secure and protected against theft, loss and damage?
- Controlled: Do you have a named data controller with responsibility for demonstrating compliance?
If you don’t feel you’re up to speed yet, now is the time to take action! There is still time to book a place on one of our GDPR courses.