What is GDPR?
The way businesses process data is changing. The General Data Protection Regulation (GDPR) is being introduced to replace the current 1998 Data Protection Act.
GDPR will govern how businesses use, handle and protect personal data.
From 25th May 2018, businesses will be required to:
- Keep a record of all personal data they hold
- Prove they have the correct consent to use that data
- Show how the data is being used
- Demonstrate what controls are in place to protect it
So, how do I prepare?
Start early
Organise an information audit and begin documenting what personal data you store. Identify where it came from, the reasons why you store it, and consider whether you really need to continue storing this information.
Starting early will give you more time to review and make necessary changes without pressure.
Make sure your employees have the knowledge they need
It’s very important that your employees understand GDPR and its impact on your business.
As an employer, you must ensure staff understand when, how and why GDPR is coming into force. Employees should also be aware of the new data protection laws so that, in the unfortunate event of a data breach, they know how to respond correctly and positively.
Review your processes
Under the new law, you will need to record and manage consent for the data you hold.
Now is the ideal time to review your current processes and put any necessary changes in place to ensure compliance with GDPR.
GDPR comes into force on 25th May 2018. You can find out more information about the changes by visiting the links below or by attending one of the many training and information events being held.
Useful information
Overview of the GDPR
https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/
Getting ready for GDPR
https://ico.org.uk/for-organisations/data-protection-reform/getting-ready-for-the-gdpr/
GDPR events and training
https://www.eventbrite.co.uk/d/united-kingdom/gdpr/