It’s arrived: May 25th 2018, the day GDPR comes into force. Find out what this could mean for you.
If you’re responsible for a business or organisation, hopefully you’ve already sorted your GDPR compliance: you’ve identified what personal information you use, found a suitable lawful basis for it and let the owners of the information know what you’re processing and why.
But that doesn’t mean the process is over. Getting compliant was the first phase; you now have a duty to ensure you remain compliant. You should audit your data and processes regularly to check they are being followed and still adhere to GDPR, you should keep your information minimised and relevant, and you should keep your staff informed of your procedures.
You should also be reviewing and processing any data subject requests. This is when an individual requests access to the information you hold on them, or asks you to erase their personal information.
We know there are a number of organisations that are not yet compliant. Some have started to work towards compliance but have become bogged down in details and conflicting information, or just need some advice on details specific to their business. Some have not got that far, maybe overwhelmed by the size of the project to get their information compliant.
We can help you get your organisation compliant and make sure you handle the information of your data subjects in a responsible and fair way, helping to avoid the ICO financial penalties.
The ICO have mentioned that organisations who show sufficient progress towards compliance will be in a much better position than organisations who have neglected their responsibilities and not made any effort to protect individuals’ information.
Individuals now have enhanced powers with regard to their data. If an individual submits a request, such as to view all the information an organisation holds about them, they should expect the reply within 30 days and there should be no charge for this information.
There are some exceptions to this, but on the whole organisations will have to follow those rules.
More about the rights users have can be found here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
We can audit your data, identify what needs to comply and help you draw up compliance policies and procedures.
Contact us today.
The ICO Guide for GDPR can be found here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
The actual GDPR text can be found here: EU GDPR