GDPR: Helping you become GDPR compliant.
In the coming months, we will be outlining the steps you will need to take to make sure that you are GDPR compliant.
The new General Data Protection Regulation (effective 25 May 2018) relates to the personal data you hold on individuals. It is an expansion of existing data protection laws and introduces large fines for non-compliance.
GDPR requires businesses to be able to demonstrate how they are using and safeguarding that personal data. In order to achieve this, you should:
1. Inform yourself of your responsibilities
2. Create a register of the personal data held, using that process as an opportunity to remove data that is old, out of date or no longer required.
3. Update your privacy and internal process documentation
4. Make sure you have an audit trail of ‘permission asked’ and ‘permission granted’
5. Set a review period because consent does not last forever
6. Inform your staff of their responsibilities
Remember the first data protection principle, which means you must have legitimate grounds for collecting and using the personal data.
If you are direct marketing by post, email, text, phone or any other form using this personal data, then the 3 practical steps that you should take straight away are:
1. Contact the individuals seeking their permission to continue to do so after the 25th May (‘permission asked’),
2. Retain this consent in order to be able to demonstrate, in the case of a review, that you have ‘permission granted’, and
3. Abide by it, no matter how painful it may be.