The General Data Protection Regulation (GDPR) will come into force on 25 May 2018. The fines for failure to comply are significant in comparison to the current regime. The brand damage is often far worse, as customers lose trust in brands that fail to adequately protect their data.
To ensure that your business is compliant by this deadline, follow our guidance below:
1. Conduct a data audit
Review and record what you currently do to manage, store and administer personal data, including any third parties involved.
2. Adopt secure systems and processes for the management and administration of personal data
3. Appoint a data protection officer
Not every business needs one, but it is good practice to have one anyway so it is clear the issue is being considered by the business.
4. Train board-level staff to ensure they are GDPR aware
Failure to comply has serious consequences for those at board level, so they should understand the significance of their responsibilities.
5. Get your customer-facing staff up to speed
Your customer-facing staff need to understand the importance of good data management.
6. Be Data Breach Ready
Implement policies that specify how the business deals with data breaches, so these can be dealt with quickly and effectively when they happen.
7. Be Subject Access Request Ready
Individuals are more aware of their data rights. Make sure staff know how to deal with subject access requests and that requests are dealt with consistently and in a timely fashion.
8. Get Consent
Review the process that you use to secure consent to the use of customer data and ensure it is GDPR compliant.
9. Back-to-back your liability
Make sure contracts with data processors are robust as regards their treatment of data. Cross-indemnities are necessary to protect your own exposure.
10. Document, document, document
The GDPR requires businesses to be able to demonstrate compliance through the policies, systems and information that they use for the management and administration of data. This means that recording and demonstrating data compliance must be a core part of all businesses.