It’s nearly been a year since the General Data Protection Regulation came into effect. But this doesn’t mean that we can sit back and relax; we need to make sure that our organisations are still GDPR compliant.
We’ve compiled 10 quick GDPR wins below that should help you identify data protection weaknesses where you work.
- Make sure everyone is aware of the legislation (GDPR), particularly anybody who handles data.
- For some organisations, it’s a requirement that they document the personal data that they hold. For example, document where you received it from and who you are sharing it with. However, even if not required, it’s a good idea.
- You should review your privacy notices regularly. If you don’t and you make any changes to how you collect and process data, you could be at risk of GDPR fines and penalties.
- You should review your procedures to ensure that they cover all of the rights granted to individuals, including how you go about changing personal data and how you provide data electronically and in a commonly used format to individuals.
- You should update your procedures and plan how you will handle requests to delete an individual’s information.
- You should have identified the lawful basis for your processing activities under the GDPR, documented it, and included it in your privacy notice.
- You should review whether you need consent, and if you do, how you seek, record, and manage it and whether you need to make any changes.
- You should have thought about whether you need systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data relating to children.
- You should make sure you have the right procedures in place to detect, report, and investigate a personal data breach.
- You should designate someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure and governance arrangements. For some organisations, this will mean appointing an official Data Protection Officer (DPO), but even if you don’t need one, you should have a person, or team of people, responsible for overseeing data protection within your organisation.
Download our free GDPR White Paper today to gain a better understanding of how the GDPR affects you and your organisation.
Our General Data Protection Regulation Courses
We have two GDPR courses available at iHASCO: one that looks at the essential requirements of the GDPR, and another, GDPR for Management Training, for management or people who make decisions about collecting, storing and using people’s personal data.
In light of the one-year anniversary of the GDPR, we have also released a 15-minute GDPR refresher course that is perfect for those who have already undertaken training and want to recap their understanding of the GDPR.