GDPR compliance should be a priority and high on every organisation’s agenda with only three months until the regulation comes into effect on 25 May 2018.
Recent research by Ipsos MORI on behalf of the UK government, however, showed that only 38% of UK companies were aware of the GDPR and, of those, only about 25% had made a start on their GDPR compliance project.
If you are just beginning your GDPR compliance project, it’s unlikely that you’ll be fully compliant by the deadline, but steps can be taken to prove that you are making an effort to comply. We suggest starting with the following activities:
- Accountability, board awareness and attention – convince the board that the GDPR is a top priority, allocate a board member to be accountable for the GDPR project and get resources (time and money) approved.
- Roles and responsibilities – set up a project team, including key business functions such as HR and marketing.
- Training – make sure those responsible for the project are trained on implementing the GDPR in the workplace.
- Privacy notices – privacy notices need to be displayed to data subjects wherever you capture data.
- Incident response and breach reporting – write procedures and educate staff on what constitutes a data breach to ensure the whole organisation follows procedure should you be breached.
- Security measures – protect the data you hold by taking security seriously – Cyber Essentials is a good place to begin.
- Data subject access requests (DSARs) – write a procedure for DSARs so that you are ready to handle one – remember, you only have 30 days to respond!
- Staff awareness – it’s vital that your staff are aware of the GDPR basics.
- Delete any data that is no longer legally required – if you don’t have a lawful reason to keep it, remove it.
Addressing these issues is an effective way to begin your GDPR project and should help to minimise any penalties if you experience a breach.
The EU GDPR Documentation Toolkit contains many useful template documents, worksheets and policies to help you with your compliance project. Included in the tool is a subject access request procedure, privacy notice template and breach notification procedure, to aid with the GDPR priorities we’ve suggested. For more information and a full list of the items in the EU GDPR Documentation Toolkit, visit our website.