So, the 25th May 2018 has passed and the world didn’t end, thankfully. However, some organisations are still a little behind where they need to be regarding GDPR.
Here at FusionHR, things are going well and the work we have put in has cemented our approach to Data Protection and ensuring ongoing compliance with GDPR and the new Data Protection Act 2018.
You might think that once all the obligatory documents are in place the job is done. Unfortunately, it’s not. There is still plenty of ongoing compliance work to do, such as documenting data destruction, updating processing records and producing Data Protection Impact Assessments (DPIAs) for new data processing tasks. The list goes on.
So how do we deal with this and manage it effectively?
My advice is to break it down into small chunks. You can’t do it all at once; very much like preparation, it’s a step at a time. You might audit your archive one week to check on data retention dates, pull small chunks of personal data from each data set you have to verify its accuracy, and review your policies the next, in line with the continually updated guidance from the ICO.
If it’s timetabled effectively, data protection compliance can and will become part of the everyday work we do, and that pretty much sums up the data protection by design principle.
Don’t make it difficult and keep on top of it!
If I were to recommend a key point of focus this month, I would say focus on the Subject Access Request Guidance and Data Breach procedure, and train staff on both. Now that people are more acquainted with their new rights, they are more likely to exercise them, so it’s good practice to be one step ahead.
All the best,