On 25th May 2018, the data protection law changed and The General Data Protection Regulation, which is known as the GDPR, came into force.
The GDPR increases the safeguards for individuals regarding their personal data and it makes organisations more accountable for how they use it.
You will need to ensure that your organisation is compliant with the Regulation. Some key steps you should consider in your GDPR planning are:
- Carry out an audit of your data processing activities
- Check whether you need to appoint a Data Protection Officer
- Review your protection and security measures for personal data
- Understand whether you need to keep data processing records
- Review and update privacy notices
- Ensure that there is a GDPR compliant contract between you and any organisation which processes personal data for you such as HR, payroll, IT etc.
- Make sure you understand when you are required to report a data security breach and ensure you know how you will handle it
- Check whether you are transferring any personal data outside the European Economic Area as this is restricted
- Plan GDPR training of staff
For help with The General Data Protection Regulation, please get in touch with Samantha Wright.