GDPR is an important law to adhere to, and being compliant protects you and your business from a range of problems, from data breaches to fines.
Organisations that do not comply with the law will face fines of up to €20 million (approx. £18 million) and potential damage to their reputation. In this blog post, we give you 12 simple tips on how to ensure your business is GDPR compliant.
- Awareness – all members of your organisation should be aware of the law on how personal data is held, and key people should understand the role they play in ensuring the organisation is prepared.
- Document Your Information – you should document the personal data your business holds as an audit, including where it came from and who you share it with.
- Privacy Documents – you should review your organisation’s current privacy documents and update them if needs be.
- Individuals’ Rights – you should ensure that your documentation covers individuals’ rights and that you can provide data electronically or delete it if an individual requests it.
- Request Timescales – you should ensure that you can provide the requested information within a dedicated timescale and have plans in place for doing so.
- Lawful Basis for Processing Personal Data – you should identify the lawful basis for your processing activity in the GDPR and update your privacy documents explaining it.
- Consent – you should review how you ask for consent when taking personal information; this includes collecting and storing data. The GDPR states that any digital communications should be opted into.
- Children – you should review whether you need to ask for individuals’ ages, and, therefore, whether you need to ask for parental or guardian consent.
- Data Breaches – you should review your procedures for preventing, detecting and acting on personal data breaches.
- ICO’s Privacy Assessments – you should familiarise your organisation’s key people with the ICO’s code of practice on privacy impact assessments, along with the guidance of the Article 29 Working Party, and then implement them.
- Data Protection Officers – you should appoint one member of staff to be responsible for data protection and compliance, or consider whether you formally need to assign a data protection officer.
- International – if your organisation operates in several EU member states, you should determine your lead data protection supervisory authority.