Whistl Magazine Spring 2017

Preparing for the new General Data Protection Regulation

The new General Data Protection Regulation (GDPR) comes into effect on 25 May 2018. It sets a high standard for consent, and doing this well should put individuals more in control, help build customer trust and increase engagement, as well as enhance your reputation. Offering customers the choice to ‘opt in’ also gives them more control over what they receive and how you use their data. It is essential to start planning your approach to GDPR compliance as early as you can and to gain ‘buy in’ from key people in your organisation. For example, you may need to put new procedures in place to deal with the GDPR’s new transparency and individuals’ rights provisions. In a large or complex business this could have significant budgetary, IT, personnel, governance and communications implications. The checklist opposite highlights 12 steps you can take now to prepare for the new GDPR.

12 steps to take now...

1. Awareness
Make sure key decision makers in your organisation are aware that the law is changing to the GDPR.

2. Information you hold
You should document what personal data you hold, where it came from and who you share it with.

3. Communicating privacy information
Review your current privacy notices and put a plan in place for making any changes in time for May 2018.

4. Individuals’ rights
Check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically.

5. Subject access requests
Update procedures and plan how you will handle requests within the new timescales.

6. Legal basis for processing personal data
Look at various types of data processing you carry out, identify your legal basis for carrying it out and document it.

7. Consent
Review how you are seeking, obtaining and recording consent.

8. Children
Put systems in place to verify the ages of individuals and gather parental consent for data processing.

9. Data breaches
Have the right procedures in place to detect, report and investigate a personal data breach.

10. Data protection by design and data protection impact assessments
Familiarise yourself now with the guidance the ICO had produced on Privacy Impact Assessments and work out how and when to implement them.

11. Data protection officers
Designate a Data Protection Officer if required.

12. International
Determine which data protection supervisory authority you come under.

For more information contact ICO at ico.org.uk

The new General Data Protection Regulation comes into effect from 25 May 2018!
