The data doctors will see you now
It’s cold outside, we’re all trying to avoid the gym, so why don’t you get your preparations for the new GDPR legislation all trim and toned in time for its launch on May 25th 2018.
GDPR will bring in new controls which will protect individuals and their privacy. You will need to be clear about what personal data you are collecting, why you are collecting it, and what you are going to do with it.
Before GDPR comes in to place The Data Compliance Doctors would like to advise you on the first five areas that all businesses should be considering:
- Data Protection Policy – This is the “Bible” of data protection information in your business. It is likely to reference all other relevant policies in the business, plus, will include other sections relating to the organisations “Privacy by Design”.
- Consent and Privacy Notice – It is recommended that you document your approach to consent, and removal of consent, by channel for any data that is to be processed. For marketing use, you need to gain the relevant consent which can be gathered from the privacy notice which informs the individual what data you are capturing and why and what you are going to do with the data once it has been captured.
- Data Asset Inventory – This is a centralised register of all data passing through the business, its details, its usage, where it is located and what the retention period for it is.
- Subject Access Request Form – Individuals have the right to ask you what data you hold on them and how it is used. The information provided should include details of the data that you hold, where you got the data from, how it has been used and where/if it has been transferred.
- Security Breach Policy – You should have a formal procedure for recording and declaring a breach in place and if notification of the breach is required this should be done within 72 hours.
You need to make sure your business is GDPR ready before its implementation on May 25th as companies can receive fines if the ICO feel the new regulations are not being followed. The data doctors are available to help with your preparations, able to provide you with consultancy, an online package offering or a hybrid version of the two.
If you would like any assistance to help you prepare your business for the implementation of GDPR please contact our Data Compliance Doctors via DataDoctor@Intermarketing.com.