Ticking off that GDPR checklist…

Is the 25th of May circled in your diary? As of today (27 April 2018), there’s just under one month to go until the General Data Protection Regulation (GDPR) becomes law. Here’s a brief summary to guide you through some of the changes.

Have you…

…appointed a Data Protection Officer?

Or do you even need to? If you’re not sure, check the Information Commissioner’s Office (ICO) advice on Data Protection Officers.

…audited the data your business processes?

Do you know what types of data your organisation processes, where it came from and who you share it with? Check the ICO’s guidelines to make sure you’re on track.

…considered your legal basis for processing data?

There are six legal bases for processing data. And the ICO has a handy interactive tool if you’d like to confirm you’re using the right one.

…understood the capacity in which you process data?

Are you a data controller or a data processor? If you don’t know, you might find this useful.

…reviewed your security?

Is your data safe? Would your team know how to spot and report a breach? Or the number of hours within which it must be reported to the ICO? You’ll find all the answers here.

…checked you can comply with the new legislation on Individual Rights?

Would your team know what to do if a data subject asked for a copy of the data you hold on them? No? Guess what? There’s a checklist for that!

…updated your privacy policy?

Have you updated the Privacy Policy on your website? If so, it’s important that you’ve been clear and concise – use no jargon and imagine you’re explaining something to an elderly relative.

…checked your legacy data has GDPR-proof consent?

If it does, great – you can tick this one off the list! But if not, you may need to refresh consent or change how you collect it to meet GDPR standards.

…thought about the new legislation if you process children’s data?

Does your team understand the obligations for collecting children’s data? Check the guidelines on obtaining consent.

…read and understood the new regulations for special categories of data?

You should also be aware of the new regulations for what the GDPR terms “special categories” of data – you’ll find more info here.

All of this may sound like there’s a lot to do, but don’t worry – if you were compliant with the Data Protection Act, you’re probably halfway there already.

For more information on the GDPR, please refer to the ICO website.

We’ve been on many a GDPR training course and read heaps of information, but we’re not legally trained, so this blog is not a substitute for legal advice.
This information is not intended as legal advice or counsel and is not represented as such by Whitewall. We make no warranties or statements regarding the legal acceptability of the information presented today. Actions performed as a result of this information are of your own choosing.