General Data Protection Regulation - Commsec




General Data Protection Regulation

So what is the General Data Protection Regulation?
“GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.”

“The General Data Protection Regulation (GDPR) very significantly increases the obligations and responsibilities for organisations and businesses in how they collect, use and protect personal data. At the centre of the new law is the requirement for organisations and businesses to be fully transparent about how they are using and safeguarding personal data, and to be able to demonstrate accountability for their data processing activities.”

So what must you (as a company) do to be prepared?

1. Become aware: Review and enhance your organisation’s risk management processes – identify problem areas now.



2. Become accountable: Make an inventory of all personal data you hold. Why do you hold it? Do you still need it? Is it safe?

3. Communicating with Staff and Service Users: Review all your data privacy notices and make sure you keep service users fully informed about how you use their data.



4. Personal Privacy Rights: Ensure your procedures cover all the rights individuals are entitled to, including deletion and data portability.




5. How will Access Requests change? Plan how you will handle requests within the new timescales – requests must be dealt with within one month (extendable by a further two months where requests are complex or numerous, provided the individual is told of the extension within the first month).

6. What we mean when we talk about a legal basis: Are you relying on consent, legitimate interests or a legal enactment to collect and process the data? Do you meet the standards of the GDPR?

7. Using Customer Consent as grounds to process data: Review how you seek, obtain and record consent, and whether you need to make any changes to be GDPR ready.

8. Processing Children’s Data: Do you have adequate systems in place to verify individual ages and gather consent from guardians?

9. Reporting Data Breaches: Are you ready for mandatory breach reporting? Make sure you have the procedures in place to detect, report and investigate a data breach. Notifiable breaches must be reported to the supervisory authority within 72 hours of becoming aware of them where feasible, so detection and escalation need to be in place before an incident happens.

10. Data Protection Impact Assessments (DPIA) and Data Protection by Design and Default: Data privacy needs to be at the heart of future projects, not added on at the end.

11. Data Protection Officers: Will you be required to designate a DPO? Make sure that it’s someone who has the knowledge, support and authority to do the job effectively.



12. International Organisations and the GDPR: The GDPR includes a ‘one-stop-shop’ provision which will assist those data controllers whose companies operate in many member states. Identify where your Main Establishment is located in the EU in order to identify your Lead Supervisory Authority.

Are you unsure where to start?
Heard noise about the above but not sure if it affects you?
Need to put a plan in place sooner rather than later? (It comes into effect on the 25th of May 2018.)

If yes to any of the above, contact us now to help your organisation.

CommSec will take you along the General Data Protection Regulation Journey to make your organisation compliant.

*Source: GDPR and You


Talk to CommSec today, to discuss how we can help you with your needs.