The General Data Protection Regulation (GDPR) will come into effect from May 2018 replacing the existing data protection framework.
TOP 10 TIPS TO CONSIDER:
Have you created awareness?
Staff should be made aware that the law is changing to GDPR. They need to appreciate the impact that this will have and how the company will need to plan to meet those commitments and evidence of compliance.
Have you nominated someone to be responsible?
You should nominate someone to be responsible for data protection compliance and assess where the role will sit within your organisation's structure and governance arrangements.
Do you know what information you hold?
You need to document what personal data you hold, where it came from, consent received and who you share it with. You may need to organise an information audit to do this.
Are your privacy notices sufficient or do you have any?
You need to review your current privacy notices and put a plan in place for making any necessary changes in time for the GDPR implementation deadline.
Can you facilitate the rights of individuals?
Check your procedures to ensure they cover all the rights of individuals have, including how you would document your processing activities. Clearly document all the data you hold. Provide data electronically and in a commonly used format (portability). 6. Can you handle subject access requests?
You should update your procedures and plan how you will handle requests within the new timescales and provide any additional information.
How do you handle or obtain consent?
You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don't meet the GDPR...