Ensure your business is prepared for the General Data Protection Regulation on May 25th 2018
What steps do I have to take?
From May 25 2018, new EU guidelines will come into effect making changes to the way in which organisations are able to collect, use and transfer personal data. Below are a few key steps to consider to help ensure you remain compliant once the changes are made, or you could download our PDF guide to distribute to members of your team.
Ensure that decision makers and key people in your organisation are aware that the law is changing to the GDPR. They need to understand the implication deadlines and appreciate the impact this is likely to have.
• INFORMATION YOU HOLD
You will need to document what personal data you hold, where the information came from and with whom it is shared. An information audit may be organised to get everything up to date.
• INDIVIDUAL'S RIGHTS
You should check your procedures to ensure they cover all of an individual's rights, including the steps you would take to delete personal data or to provide data electronically and in a commonly used format.
• COMMUNICATING PRIVACY INFORMATION
Review your current privacy notices to make sure they are up to date and put a plan in place for making any changes needed in time for GDPR implementation on May 25th 2018.
• LAWFUL BASIS FOR PROCESSING PERSONAL DATA
Identify the lawful basis for your processing activity in the GDPR, document this and be sure to update your privacy notice explaining it.
• SUBJECT ACCESS REQUESTS
Plan how you will handle requests within the new timescales, and update your procedures to provide any additional information.
• DATA BREACHES
You should make sure you have the correct procedures in place to detect, report and subsequently investigate any personal data breaches that may occur.
Start to consider whether you will need to put systems in place to verify the ages of individuals and to therefore ensure parental or guardian consent is obtained prior to any data processing activity.
• DATA PROTECTION BY DESIGN AND DATA IMPACT ASSESSMENTS
Familiarise yourself now with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party. Work out how and when to implement these within your organisation.
• DATA PROTECTION OFFICERS
Consider whether you are required to formally designate a Data Protection Officer. You should assign someone with the responsibility for data protection compliance and assess where this role will sit within your organisation’s structure.
If your organisation operates in more than one EU member state (for example, if you carry out cross-border processing), you should determine your lead data protection supervisory authority. Article 29 Working Party guidelines will help you do this.
What about Brexit?
Despite the result of the Brexit referendum and the subsequent triggering of Article 50, the UK will still be an EU member when these regulations are brought into effect on May 25 2018. Therefore, businesses will still be required to adhere to the regulations set out. It is still unclear how this will be affected once the UK's departure from the EU is confirmed.
We have been proudly providing storage solutions to the West Midlands, Worcestershire, Warwickshire, Staffordshire, Birmingham, Wolverhampton, Walsall, Dudley, Kidderminster, Redditch, Solihull, Worcester, Coventry, Oldbury, Wombourne, Wednesbury, Bromsgrove, Cheltenham and Leicester (to name just a few!) for over a decade.