There are fewer than six months to go until the General Data Protection Regulation (GDPR) comes into effect, but some businesses are not even thinking about it yet, or are only just starting to.
In the first two blogs we set out key steps for starting compliance projects, along with some IT Governance solutions should you need any extra help.
Read steps 1–3 here and steps 4–6 here.
This third and final blog covers steps 7–9.
7) Create or improve key policies and processes
Under Article 30 of the GDPR, controllers (and, with a narrower scope, processors) must maintain a written record of their personal data processing activities, including, but not limited to, the purposes of the processing, the categories of data subjects and of personal data being processed, the categories of recipients of the data and the envisaged time limits for keeping the data. This record must be made available to the supervisory authority on request.
Each business will also need a privacy notice and a data protection policy, and to update or review contracts with employees and suppliers to ensure they are compliant.
Data subject access requests, incident reporting and data breach reporting will all need written processes, too. Note that Article 33 requires a notifiable personal data breach to be reported to the supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it, so the breach process needs to be tested and rehearsed, not just written down.
The EU GDPR Documentation Toolkit is a complete set of GDPR-compliant templates that are easy to use and customisable. It includes all the processes outlined above as well as other helpful documents such as a data protection officer job description.
8) Communications strategy
As your business becomes GDPR compliant, staff need to understand and follow the new processes and procedures. Training new staff and holding regular refreshers is essential.
The GDPR Staff Awareness E-learning Course is a simple-to-use interactive modular e-learning programme that introduces the GDPR and key compliance obligations.
9) Monitor, audit and improve
GDPR compliance is a journey, not a destination. To demonstrate ongoing compliance you will need to undertake periodic internal audits and updates of your data protection processes. This includes keeping the records of processing activities and of consent up to date, testing information security controls and conducting data protection impact assessments (DPIAs) for processing that is likely to result in a high risk to individuals. Don’t delay until May 2018 to get GDPR-ready.
GDPR training is key to achieving best practice in data protection and information security. We run EU GDPR Foundation and Practitioner training courses at multiple locations across the country on a weekly basis, with spaces still available in January.
EU GDPR Foundation Training Course
Belfast: 8 January (save 10%)
Birmingham: 15 January
London: 15 January, 22 January
Also available as a Live Online course: 22 January, 5 February
EU GDPR Foundation and Practitioner Combination Course
London: 22–26 January
Newcastle: 22–26 January
Live Online: 22–26 January
Book both courses at the same time to save 15%.
Many more dates and locations are available.