With just 14 working days to go until GDPR implementation day, what should you be focusing on?
At our conference on 26th April, 57% of those attending said they had nearly completed all of the changes they needed to make in advance of 25th May, and 4% stated that they were ready. So, what about the 22% who said they had only just started, or the 17% who didn’t know what GDPR was? The key is DO NOT panic. It’s not Y2K all over again; the world will not end if you haven’t completed all of your preparations by 25th May.
What you do need is a plan…
Transparency is the key – prioritise those documents which tell your clients/customers what you will do with their personal data – how do you collect it, how do you process it, who do you share it with, how long do you keep it and how do you delete it?
Policies – get your key documents in order – data protection policy, data retention policy, privacy notices, cookies policy etc. – make sure they are fully updated and available on your website.
Data processors – make sure you have full contractual arrangements in place with anyone who processes personal data on your behalf.
Data subject rights – how can your customers/clients exercise their rights under GDPR? Make sure this is clearly signposted in your privacy notices, data protection policy and on your website – something simple, quick and easy. Make sure your staff know who to refer any requests to.
Don’t forget your employees! They will need a privacy notice that covers the use of their data for employment purposes and they will need to know where to refer any GDPR questions they either have themselves or receive from clients/customers.
Security – do you have robust security measures in place for both your electronic data and any paper data you store in filing cabinets?
Beyond this, and perhaps beyond 25th May, you will need to refine your processes for responding to data subject requests, ensure you have a full training programme in place (if you haven’t done training already) and consider what spot checks and audits you need to have in place to ensure ongoing compliance and accountability.
And don’t forget, here at Teal we are available to offer support both in and out of business hours, so if panic does start to set in, get in touch – firstname.lastname@example.org