On 25th May 2018, the data protection law changes and The General Data Protection Regulation, which is known as the GDPR, comes into force.
The GDPR increases the safeguards for individuals regarding their personal data and it makes organisations more accountable for how they use it.
You will need to ensure that your organisation is ready for, and compliant with, the new Regulation. Some key steps you should consider in your planning for GDPR are:
- Carry out an audit of your data processing activities
- Check whether you need to appoint a Data Protection Officer
- Review your protection and security measures for personal data
- Understand whether you need to keep data processing records
- Review and update privacy notices
- Ensure that there is a GDPR compliant contract between you and any organisation which processes personal data for you such as HR, payroll, IT etc.
- Make sure you understand when you are required to report a data security breach and ensure you know how you will handle it
- Check whether you are transferring any personal data outside the European Economic Area as this is restricted
- Plan GDPR training of staff
You can find out more about GDPR in our video below.