You’ve heard about it and read about it, but just how ready for it are you?
The “it” is GDPR (General Data Protection Regulation). We are now only 3½ months away from when GDPR becomes applicable and will begin to be enforced by the UK Regulator (the Information Commissioners Office).
Remember, any business that processes personal data of a living individual must comply with GDPR, there are no exceptions, for example for sole-traders, limited companies, non-profit making businesses, charities, etc.
Even if you haven’t yet got to grips with GDPR and what you need to, you don’t need to panic. The Information Commissioner has recently said that although 25 May is a fixed date and the law is changing and they will be enforcing it they know not all businesses will be ready by that date. However, if you have clear action plans in place to demonstrate where the gaps are, what you need to do (and what you have already done) they will be far more lenient with you should the worse case scenario occur, and your business is investigated by the ICO. This doesn’t mean to say the ICO won’t issue any regulatory action, but it could be far less severe than if you are not able to demonstrate your GDPR readiness.
My advice to all my clients has been to get your action plans in place and prioritise your actions into high, medium and low priorities and focus on the high-risk areas first, i.e. what will get you into trouble with your customers if you don’t have it right for GDPR, as they are likely to be the first to complain to the ICO. Some areas you should consider as high priority are:
- Privacy Notices – are these up to date and reflect all the additional information an individual has a right to know about before you process their personal data?
- Records of Processing Activities – have you documented all the necessary information you need to keep about your personal data processing activities and what the legal basis is for each activity?
- Consents – do you need to do a consent refresh? Do you have processes in place to record when and how consents were given?
- Security – are the security measures you have in place appropriate enough to safeguard the personal data you are processing?
- Individuals Rights – how ready are you for individuals to exercise any one of their rights?
If you’re still unsure about what you need to do to be GDPR ready and need help to get your action plans in place why not come along to one of our GDPR Readiness Workshops that are taking place at York Science Park on 27th February, 21st March and 24th April (Early Bird Rate £297+VAT; Standard Rate £337+VAT – discounts available for additional delegates from the same business).
Dunwell Data Protection has teamed up with our business associate Jane Fisher Associates (change management expert) to bring you these full day workshops that provide you with an opportunity to:
- ‘deep dive’ into your own business and it’s GDPR preparation
- look at the changes you are required to make in your own business
- start planning and writing relevant resources
- plan your approach to implement GDPR
These are practical workshops of facilitated discussions and analytical activities, supported through the provision of key information and resources – including GDPR guidance, various templates and sample policies. These will enable you to develop an Action Plan, to take away and kick start GDPR Implementation back in your business.
If you would like more information about the workshops and to book your place, or to have a chat about how to implement GDPR in your business and the services we provide to help you do this please get in touch with Samantha Dunwell by email firstname.lastname@example.org or telephone 07534 258800.
Remember, its only 3 months to go till the biggest change in data protection law for a generation takes place!