There is a lot of talk about the GDPR and the clock is ticking when it comes to setting your business up for success.  What does GDPR mean for your organisation? It is safe to assume that your business will be affected by GDPR and you will have a number of tasks you have to complete before GDPR comes into play on the 25th May 2018.  We have created a GDPR Hub to help.

What do you need to do?

  1. You must consider the handling of all personal data. This personal data must be handled in a transparent, fair and lawful way. In short you must make it clear to people how you are going to use their data, why you need that data and any movement of that data.
  2. All data captured must only be used for the explicit purpose it was captured for and nothing else. When disclosing what the data is going to be used for upfront this has to be specific, explicit and for legitimate purposes.
  3. You must only capture the data you need to carry out the specific purpose you have stated.  You are no longer allowed to capture extra data that would be nice to know to build up a profile for example.
  4. You must only hold data for a limited period of time, for as long as was stated upfront or for as long as it takes to complete the stated task.
  5. You must ensure that the personal data you hold can be easily erased or updated. The data must also be accurate and you must take certain steps to ensure its accuracy. If someone asks for their data to be updated or removed this has to be actioned and happen across your entire company so a joined up approach is required.
  6. Your organisation must take steps to ensure the security of the data held. You are responsible for all the data you hold and any breach in that security will be blamed on you. This includes technical security, such as encryption and software but also includes organisational processes, such as company policies and access restrictions etc. This extends wider though to any cloud based system you use, if there is a breach then that will fall under your organisations liability.

In order to get compliant, this will  require a fundamental shift to the way many organisations deal with data and at the very least involve a full review of every data, technical or organisational process impacting data.

For more information, visit our GDPR Hub and find out how to get compliant.

 

 

To make sure you don’t miss an update.  Please follow us on: