9 Steps to GDPR Compliance

GDPR – 9 Steps to Compliance

Taking things a step at a time makes the whole process much more manageable…

1. AWARENESS
Decision makers need to be aware that the GDPR applies from 25th May 2018, learn what it requires of the organisation, and allow the time and budget needed to carry out the steps below. Compliance is an organisational task rather than a purely IT one, so it should be owned at senior level.

2. REVIEWING DATA YOU HOLD IN LINE WITH THE LAW
Think carefully about the personal data you currently collect, store and process. Where did it come from? Do you share it with third parties, and on what basis? Do you still need it, and for how long? Conduct a data audit if necessary and record what you hold, where it is held, why it is processed and who it is shared with. For each processing activity you will need to identify a lawful basis under the regulation; consent is only one of these, alongside contract, legal obligation, vital interests, public task and legitimate interests, so do not assume consent is the only route. Data you cannot justify keeping should be securely deleted.

3. PRIVACY & CONSENT
Your privacy notices and policies need to be reviewed in line with the regulation so that your reasons for collecting, storing and sharing data, the lawful basis you rely on and how long you keep the data are as clear as possible. Make sure this information is available to anyone you collect data from at the point of collection. Where you rely on consent, it must be freely given, specific, informed and unambiguous (pre-ticked boxes and silence do not count), you must be able to demonstrate that it was given, and it must be as easy to withdraw as it was to give. What you actually do with the data must match what your policies say, and you must only use data for the purposes for which it was collected.

4. INDIVIDUALS’ RIGHTS & REQUESTS
Individuals (data subjects) have more control over their own data. They can make a subject access request free of charge in most cases, and you must normally respond within one month. Be prepared to provide a copy of the data you hold on a person, to correct it, to restrict or stop processing it, and to delete or anonymise it on request, subject to the exemptions in the regulation. Where the data was provided by the individual and is processed by automated means on the basis of consent or a contract, they can also ask for it in a ‘structured, commonly used and machine-readable format’ so it can be moved to another provider. Make sure you can locate all the data you hold on a person, including backups and data held by suppliers, and have a process for verifying the identity of whoever makes the request before releasing anything.

5. CHILDREN
Does your business process children’s data for a legitimate purpose? If you offer online services directly to children and rely on consent, the regulation requires the consent of a parent or guardian for a child below the age of digital consent (16 under the GDPR, although member states may lower this to 13), and you must make reasonable efforts to verify that it was given. You will also need to consider whether a mechanism is necessary to confirm a user’s age so that the correct consent can be obtained, and to write your privacy information in language a child can understand.

6. DATA PROTECTION OFFICERS (DPO)
Public authorities must appoint a DPO, as must any organisation whose core activities involve large-scale regular and systematic monitoring of individuals or large-scale processing of special categories of data (for example health data) or criminal conviction data. Other private organisations will need to decide whether to designate this role anyway; if you decide not to, document why. Candidates need to be respected by colleagues, independent from roles that could create a conflict of interest (the DPO should not be the person deciding how data is processed), report to the highest level of management and have expert knowledge of the GDPR. An external service provider may also be appointed.

7. BREACH: LOSS, THEFT & INTEGRITY
Reporting certain personal data breaches will be compulsory from 25th May 2018. A breach is not just a leak: it includes the loss, theft, destruction, alteration or unauthorised access to personal data. You must notify the supervisory authority within 72 hours of becoming aware of a breach unless it is unlikely to result in a risk to individuals, and you must inform the affected individuals without undue delay where the risk to them is high. Processors must notify the controller without undue delay. You need procedures in place to detect a breach when it happens (logging and monitoring, and a way for staff to report incidents), to assess its severity, to report it within the time limit, to investigate it and to keep a record of every breach, including those you decided not to report and why.

8. PRIVACY IMPACT ASSESSMENTS (PIA)
When new projects, systems or processes are planned, use the PIA approach, which the regulation formalises as a Data Protection Impact Assessment (DPIA). A DPIA is mandatory where the processing is likely to result in a high risk to individuals, for example large-scale profiling or monitoring, and it must be carried out before the processing starts. It helps you assess the risk and impact on individuals’ privacy so that you can design your processes to protect their data from the outset (data protection by design and by default). If the assessment leaves a high residual risk that you cannot reduce, you must consult the supervisory authority before going ahead.

9. MULTI-NATIONAL
If you operate in more than one EU member state, your lead supervisory authority is the one in the country of your main establishment, normally where decisions about the purposes and means of processing are taken. The Article 29 Working Party guidelines on identifying a lead supervisory authority (the Working Party is replaced by the European Data Protection Board from 25th May 2018, which has endorsed those guidelines) will help you determine where that is. The lead authority is your main point of contact, but other authorities can still become involved in complaints about processing that substantially affects people in their country.

Heeeelp, I need some advice and support!

Don’t underestimate the amount of work that may be involved. For organisations that have been storing and processing customer data for some years it can be quite a sizeable task, unless you already have a member of staff who is trained and dedicated to data protection.

If you find you need someone knowledgeable to talk to along the way, give ABtec a call and one of our trained Cyber Essentials and IASME Governance assessors will be able to offer advice and support.


Contact Us

Support

Phone: 01942 209060 Monday-Friday, 8:30am – 4:30pm
Email: support@abtec.net

Sales

Phone: 01942 209060 Monday-Friday, 8:30am – 4:30pm
Email: quotes@abtec.net

Please note: The sales team are unable to respond to technical support or accounts queries.

Accounts & Billing

Phone: 01942 209060 Monday-Friday, 8:30am – 4:30pm
Email: accounts@abtec.net

Please note: The accounts team are unable to respond to technical support or sales queries.