GDPR Ready

Privacy is an ongoing effort, so it is difficult to draw a line in the sand and tell a company they are “ready”.  However, our data protection experts are able to quickly identify areas of your business that require attention to demonstrate you have taken all reasonable steps – and we follow a procedure to achieve this. We do this via our Gap Analysis process

Learn what personal data you have in the business and where it is. If this has already been done, then we will review the findings of your audit and look to see what remediation efforts have been implemented. This will be key to understanding how ready you really are.

We are committed to making your audit as efficient and cost-effective as possible…

Ensure your business is able to recognise a data subject request and know how to administer this within the appropriate timescales.  Failure to administer these on time constitutes an immediate failure of the legislation, so they are easy areas to slip up.

Regularly scheduled staff training sessions are essential to ensure a privacy culture is maintained at all levels of the business. The ICO has recently stated training is a critical element of a privacy culture.

You need a legal basis to hold any data in the business. If you’ve not considered this, how can you determine you have a right to hold any personal data?

Do you have specific procedures in place to identify and recognise a data breach when it happens? Do you know the definition of a data breach and the conditions in which you need to report it to the Information Commissioners’ Office?

Some businesses are required by law to have a DPO provision. Do you fall into this category? This role must be assigned carefully within the business – otherwise, it could be a conflict of interests. You may find our page on Outsourced DPO’s useful.

Ensure all your policies and procedures reflect the processing activities of the business. Transparency is a prime element of GDPR – and an essential area to cover.