So what is the General Data Protection Regulation?
“GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.”
“The General Data Protection Regulation (GDPR) very significantly increases the obligations and responsibilities for organisations and businesses in how they collect, use and protect personal data. At the centre of the new law is the requirement for organisations and businesses to be fully transparent about how they are using and safeguarding personal data, and to be able to demonstrate accountability for their data processing activities.”
So what must you (as a company) do to be prepared?
1. Become aware: Review and enhance your organisation’s risk management processes – identify problem areas now.
2. Become accountable: Make an inventory of all personal data you hold. Why do you hold it? Do you still need it? Is it safe?
3. Communicating with Staff and Service Users: Review all your data privacy notices and make sure you keep service users fully informed about how you use their data.
4. Personal Privacy Rights:
5. How will Access Requests change? Plan how you will handle requests within the new timescales – requests must be dealt with within one month.
6. What we mean when we talk about a legal basis:
7. Using Customer Consent as grounds to process data: Review how you seek, obtain and record consent, and whether you need to make any changes to be GDPR ready.
8. Processing Children’s Data: Do you have adequate systems in place to verify individual ages and gather consent from guardians?
9. Reporting Data Breaches: Are you ready for mandatory breach reporting? Make sure you have the procedures in place to detect, report and investigate a data breach.
10. Data Protection Impact Assessments (DPIA) and Data Protection by Design and Default: Data privacy needs to be at the heart of future projects.
11. Data Protection Officers: Will you be required to designate a DPO? Make sure that it’s someone who has the knowledge, support and authority to do the job effectively.
12. International Organisations and the GDPR: The GDPR includes a ‘one-stop-shop’ provision which will assist those data controllers whose companies operate in many member states. Identify where your Main Establishment is located in the EU in order to identify your Lead Supervisory Authority.
Are you unsure where to start?
Heard noise about the above but not sure if it affects you?
Need to put a plan in place sooner rather than later? (It does come into effect on the 25th of May.)
If yes to any of the above, contact us now to help your organisation.
CommSec will take you along the General Data Protection Regulation Journey to make your organisation compliant.
*Sources: GDPR and you