Quick wins to demonstrate GDPR compliance
1. Governance and accountability
Make sure that the board and senior management commit to the GDPR project and understand the possible consequences of non-compliance, including administrative fines of up to €20 million or 4% of worldwide annual turnover, whichever is higher. Complying with the GDPR can have a significant impact on your resources, especially for larger and/or more complex organisations. International organisations should also consider the implications of Brexit in their GDPR planning.
2. Roles and responsibilities
Complying with the GDPR is a project that cuts across functions and businesses. All areas of the organisation involved – IT, finance, HR, sales and marketing – must commit and share responsibility to reach your collective goal: achieving compliance.
3. GDPR Training
GDPR project and privacy managers need to understand the requirements of the GDPR and be well-equipped to plan, implement and maintain a compliance programme.
4. Update privacy notices
Review your data protection policies and website privacy notices and bring them in line with the GDPR. Privacy notices must be clear and transparent about how personal data is going to be processed, by whom and why. At a minimum they should state the controller's identity and contact details, the purposes and lawful basis for each processing activity, who the data is shared with, how long it is retained, and the rights individuals have, including the right to complain to the supervisory authority.
5. Data breach response plan
Ensure policies and procedures are in place to detect, report and investigate a personal data breach. The GDPR requires notification to the supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach; where the breach is likely to result in a high risk to individuals, the affected individuals must be informed as well. The clock starts at awareness, not at confirmation of every detail, so the plan should define who decides that a breach has occurred and how the decision is logged.
6. Cyber security
Implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. The GDPR lists examples such as pseudonymisation and encryption of personal data, the ability to restore availability and access to data in a timely manner after an incident, and regular testing and evaluation of the effectiveness of those measures.
7. Data subject access request (DSAR) procedures
Plan how to recognise and handle requests from individuals exercising their privacy rights, including requests that arrive through channels other than a dedicated form, and provide responses within one month of receipt. That period can be extended by a further two months for complex or numerous requests, but the individual must be told of the extension and the reasons within the first month.
8. Staff awareness training (e-learning)
Employees need to be actively engaged in and supportive of the GDPR compliance project. This should include training and education on the basic principles of the GDPR and the compliance procedures being implemented.
9. Data minimisation
Collect only the personal data that is adequate, relevant and necessary for a stated purpose, and where there is no longer a legitimate purpose or legal requirement to hold personal data, delete it. A documented retention schedule that sets a retention period for each category of data makes this defensible and repeatable.