As the 25th May looms ever closer there is more and more work to do in preparation for the updated legislation.
What is becoming more and more apparent is the level of detail involved in the task: assessing risk levels, recording the data you hold, establishing consent and recording your processing activities, all whilst updating policies, creating new ones and developing control measures. So unless you’re a complete expert, it’s quite the task all in all!
My approach at the minute, whilst getting some of the basics in place, has been researching exactly what is required to be prepared and I think emphasis does need to be placed on the word ‘prepared’.
To give those out there who really aren’t sure what to do some reassurance, here are a few points to get you going:
- Look at what data you currently hold and what you do with it
- Where is that information shared and with whom?
- Who do you do business with and do you share personal data with them?
- Is all your information security up to date and relevant?
- Do you have consent for all the data you hold?
- Have your policies been updated or have you reviewed them in light of GDPR?
A lot of this fact finding can be done through a ‘Data Map’ of your business. Even if it’s a simple “spider diagram”, it would enable you to bring all the information together in one place. It’s a good idea to involve as many people as possible to get as much information as possible.
Doing this will enable you to start compiling records of data processing activities and identify risks.
And if you haven’t done so already, I’d highly recommend you appoint someone as the Data Protection Officer for your organisation. It will be a great benefit moving forward!
All the best,
Ben
HR Projects and Data Protection Officer
FusionHR