Five golden rules of GDPR preparation
We won’t explore the minutiae of GDPR here. There’s a wealth of information available elsewhere, including a detailed description of the rules on the European Commission website, some useful guidance from the Information Commissioner’s Office and some practical guidance on our own GDPR resource centre.
Instead, we’ve put together a checklist of five things to cover as part of your GDPR preparation. You really should be doing these five things already; if you’re not, you should start straight away.
- Increase awareness within your business – Key stakeholders across your business must understand what GDPR is and what its implications are for their activities. Ignorance will not be an acceptable defence.
- Assess your organisation – Audit the information you hold and review your existing privacy and security procedures, so you have a clear picture of any changes you’ll need to make.
- Define the lawful grounds – Once you’ve done your audit, you’ll need to identify on what legal grounds you can process personal data. These grounds will be one of the following: consent, contract, legal obligation, public interest, or legitimate interest.
- Establish control – GDPR gives people enhanced rights to access their data so you’ll need to review your privacy and data protection procedures to ensure they provide for these rights.
- Document compliance – You must be able to demonstrate that you comply with GDPR and this includes proving you’ve considered how the rules apply to all the data processing you do.
If you’re still using spreadsheets and crossed fingers to manage your customer data, you could be facing a real challenge to be ready in time for the 25th of May. If you’re already using technology like CRM, you might find it an invaluable tool in your efforts to make yourself GDPR compliant.
For more detail about our five golden rules, why not download our GDPR checklist? And whatever you do, don’t delay – just like your next tax return, the 25th of May will come around quicker than you’d think.