Tag Archives: GDPR

GDPR: is your business ready?

With the deadline for GDPR fast approaching, you still have time to get your business ready, and this checklist may help you do just that.

Your current business data
Your business will undoubtedly hold data already, and the questions to ask are: do you know what this data is, i.e. name, address, job title, contact details? Where did it come from, i.e. sign-up forms, events etc.? Why do you have this data, i.e. marketing, admin? And finally, do you share this data with anyone or any other company? This is what's called a data audit, and if you've not done one then you need to.

Is everyone in the business on board?
The implementation of GDPR affects everyone in your business, so everyone needs to be aware of it and what the implications are. This is likely to mean changes are required, but how will you know if you don’t bring your employees on board? We are all in some way data collectors, so we all need to be aware of our responsibilities when we collect data from anyone.

What information do you need?
Every business will need a privacy policy that covers what you do with the data you collect. A key question to ask here is what information you need and why you need it. It may well be that you need a postcode for possible deliveries, or a phone number – please don’t ask for information you do not need.

Consent
For the data you hold and plan to use, do you have permission to use it? This will include things like how you got consent, and whether that consent covers using the data in the way you wish to. Also, if you got consent through a simple form, then the owner must be able to withdraw consent in a similar way. Certainly it should be an easy process, and no more difficult than how consent was gained in the first place.

Unauthorised Loss of Data
Every business will need a procedure in place that covers the potential loss of data you hold, so you need to make yourself aware of what you need to do and what timescales are in place to fulfil this requirement. It is worth mentioning that the penalties imposed by the Information Commissioner’s Office can be unlimited if you have a loss of data and you do not have a plan for managing this.


Getting your business to face these challenges and having them work for you shouldn’t be an afterthought – the businesses that succeed will be the ones that have a clear plan in place. If you need help in ensuring your business has the right tone of voice, then please call us on 01392 241653 or contact us through the website here for a no-obligation conversation.

Also, if you need help with GDPR documentation, we can recommend Herbert Ball LLP, and you can visit their website here.


What is GDPR – The General Data Protection Regulation

GDPR, or by its full title the General Data Protection Regulation (Regulation (EU) 2016/679), is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It comes into effect in May 2018.

In preparing for GDPR, the Information Commissioner’s Office gives 12 steps your business can take now, some or all of which may well apply to you.

  1. Awareness – the key people in your business should know the law is changing.
  2. Information you hold – where has this come from?
  3. Individuals’ rights – do your procedures cover management of the data you hold?
  4. Privacy information – does your business have up-to-date privacy notices?
  5. Access requests – how will you manage individuals asking for what data you hold on them?
  6. Lawful basis for your data – you should identify the lawful basis for your processing activity in the GDPR.
  7. Consent – have people given permission for you to hold their data?
  8. Children – if you have minors’ data you already need stringent processes in place; these will need to be tougher.
  9. Data breaches – do you have processes in place to manage a data breach?
  10. Data protection – your key people need to be up to date on the policies and procedures for these new data protection regulations.
  11. Data protection officers – your business needs to have a key person to act as the data protection officer.
  12. International – if you trade internationally then you need to determine your lead data protection supervisory authority.

One thing is for sure: this new regulation is far more encompassing than the current data protection regulations and adds a whole new level of responsibility onto every business, large and small. At the time of writing this update, significant parts of GDPR are still to be finalised, so for more detailed information and a ‘living’ document you need to head to the Information Commissioner’s website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr
