Happy New Year!
Returning to work after the Christmas break is never an easy task. Whether you are still recovering from the festive grub, or your head is still slightly sore from the New Year’s Eve do, we wanted to help you start the year the right way with some GDPR tips and tricks around the forthcoming. You may have done a lot of work to prepare already, or maybe you’re just getting started. Regardless, these tips should help you.
So where do you start?
- Know the data that you want to protect. Ask yourself: what data does my organisation hold? Who processes it, and why? And, most importantly, where is it? Answering these questions is essential if you want to put together a good data protection strategy.
- Educate your employees. This is crucial. Train them on privacy law and the GDPR and give them practical advice on how to handle personal data.
- Limit access to (and the collection of) personal data. Ask yourself if you really need particular sets of personal data: could you do without them, or could you anonymise them without hindering your objectives?
- Analyse your risks. With the GDPR only months away from being implemented, more and more enterprises are adopting cyber insurance to protect their data in the event of cyber-attacks or breaches. However, don’t rush it – ask yourself where your specific risks lie as each company is different.
Once you’ve looked at the above, consider the points below:
- GDPR is NOT a data security regulation. Of the 90 Articles, only 3 (Articles 32-34) deal directly with data security. All of the subject rights (right of transparency, right to rectification, right of access, right to object, right not to be subject to automated processing, right of erasure and the right to restriction of processing) have nothing to do with data security. Furthermore, as everyone talks about fines, violations of basic principles of processing, conditions of consent and data subject rights are twice as important as data security.
- Therefore, look at the directive and interpret it: what does it mean to your business? How does GDPR impact it? Why do you hold the personal data you hold and on what legal grounds (and remember, consent is only one of the legal grounds)?
- Once you’ve done this, set up a transformation programme and get everyone involved. Programme management is key as you need to work with all areas of the business, from HR to IT to Marketing.
- Finally, record it, accountability is key. You need to be able to demonstrate your journey to compliance.
Remember, despite all the fear tactics and warnings about GDPR fines, your efforts to achieve compliance is what matters the most. Negligence is what you must avoid.
As you can see, good legal and technical advice is crucial. We are here to help you navigate the requirements of the new regulation and ensure you focus on the right thing: turning GDPR into an opportunity for your business and your customers.
If you would like to find out more contact us on +44 (0)20 7090 1091.
Of course there are also some external sources which can help you to find out more, one of which being the ICO.