Fiona Boswell

Partner, Head of Franchising and Commercial Services


Top 10 tips to get your business GDPR ready


The General Data Protection Regulation will be coming into force on 25 May 2018. The fines for failure to comply are significant in comparison to the current regime. The brand damage is often far worse as customers lose trust in brands that fail to adequately protect their data.

To ensure that your business is compliant by this deadline, follow our guidance below:

1. Conduct a data audit 
Review and record what you currently do to manage, store and administer personal data, including any third parties involved.

2. Adopt secure systems and processes for the management and administration of personal data  

3. Appoint a data protection officer 
Not every business needs one, but it is good practice to have one anyway so it is clear the issue is being considered by the business.

4. Train board-level staff to ensure they are GDPR aware
Failure to comply has serious consequences for those at board level; they should understand the significance of their responsibilities.

5. Get your customer-facing staff up to speed
Your customer-facing staff need to understand the importance of good data management.

6. Be Data Breach Ready
Implement policies to specify how the business deals with data breaches so these can be dealt with quickly and effectively when they happen.

7. Be Subject Access Request Ready 
Individuals are more aware of their data rights. Make sure staff know how to deal with subject access requests and that they are dealt with consistently and in a timely fashion.

8. Get Consent 
Review the process that you use to secure consent to the use of customer data and ensure it is GDPR compliant.

9. Back to Back your liability 
Make sure contracts with data processors are robust as concerns their treatment of data. Cross-indemnities are necessary to protect your own exposure.

10. Document, Document, Document
The GDPR requires businesses to be able to demonstrate compliance through the policies, systems and information that a business uses for the management and administration of data. This means that recording and demonstrating data compliance must be a core part of all businesses.


© 2018 Fraser Brown Solicitors. Authorised and regulated by the Solicitors Regulation Authority.
SRA Number: 0048586 | VAT Number: 116 4751 78

Fraser Brown is a partnership of limited companies. Any references to partners in any document should be taken as being references to the directors of the limited companies and not to individual partners of the firm.