With two weeks to the implementation of GDPR there is very little time to get ready for compliance.
You will have seen over the past week that we have issued some documents to you all that reflect just a small amount of the work we have been doing here at FusionHR to ensure we keep the personal data provided to us by yourselves safe.
Whilst we are well into our GDPR Journey and I have now completed my GASQ EU GDPR Certified Practitioner Accreditation, there is still more to do and there will be for some time to come. I have even drafted in Kirsty and Jo to help me with some of this monumental task. You will have heard from them earlier in the year regarding their own journey into GDPR territory, when they completed the GDPR Foundation Accreditation.
In assessing where you should all be by now, it would be best to look at what you should have in place ready to go for the 25th!!
Hopefully, by having completed your data maps and records of processing activities, you should have been able to complete the majority of Data Protection Impact Assessments, to satisfy the ICO you are taking Data Protection seriously and have considered all your risks.
Following on from this, Privacy policies for Staff, Parents and Pupils should all have been updated, ready to inform those you are collecting data from what you intend to do with it and how it will be shared, if at all, and to let data subjects know of their rights.
This in turn will reflect your commitments within your data protection and information security policies that satisfy the 8 Rights of Data Subjects and ensure you are compliant with the 6 Principles of GDPR.
Looking forward, whilst this is a basic overview of where you should be by now, you must also consider what you need to do for the foreseeable future by implementing an auditing programme of information security. This will check that you are not just storing data securely, but also ensuring that your lawful basis for processing is still relevant to those you categorised before the 25th May this year. It will help you identify ongoing vulnerabilities in relation to your ICT networks and internal processes and assist in the development of adequate measures in ensuring the confidentiality, integrity and accuracy of the data you are entrusted to look after.
Throughout the year, I will continue to put out more information on how we are doing and where organisations should be going with GDPR, as this is not something we can sign off and forget about once the day arrives. It will be a continual effort to maintain and, as I am sure you are all aware, there will be those that will test their newly established rights and freedoms under the legislation, which in turn will force precedent and create further change for us all.
Keep going with it all and if you need any help with it, give us a call!! We are offering a GDPR Healthcheck both before and after the deadline to look at preparation and actions. If this is of interest, please get in touch with firstname.lastname@example.org or call 01924 827869.