GDPR – ten key actions to take today
Our new course on the GDPR includes key actions and advice to help ensure you are compliant. Here are ten key recommendations.
One: Identify all categories of data
Your
Two: Record a clear description of data
The following questions should be asked of those people that are responsible for collating personal data.
- What process is it needed for? (eg Admissions, recruitment)
- How is security maintained?
- Who has access to the information?
- Who manages the data?
- Who are the data subjects?
- What is the source of the data?
- What software is used? (If any)
- Where does the data go inside the organisation?
- How is the data stored?
- Does the data leave the organisation?
- Does data flow outside of borders? (That is, across national borders to areas not covered by the GDPR.)
Three: Run a data audit
The ICO has several self-assessment checklists that you can use. On completion, a report is produced that gives a clear indication of your strengths and the areas where you need to improve.
Four: Appoint a Data Protection Officer (DPO)
The GDPR means that some
- you are a public authority (except for courts acting in their judicial capacity);
- your core activities require large-scale, regular and systematic monitoring of individuals (for example, online behaviour tracking); or
- your core activities consist of large-scale processing of special categories of data or data relating to criminal convictions and offences.
Five: Pay your data controller fee (if relevant)
Under the GDPR a data controller may be required to pay a fee to the ICO. The amount paid is based upon the relative risk of data processing, and the size and turnover of the
Six: Complete a Data Protection Impact Assessment (DPIA)
A DPIA is a process that helps identify and
It is good practice to carry out a DPIA if any data system is being introduced that involves using personal data in a way it has not been used before, or new data is being collected for a new purpose. When carrying out a DPIA it is important you consult your DPO (if you have one) or seek expert advice.
Seven: Check your suppliers’ accreditation
It is a criminal
Eight: Respect the new rights for ‘data subjects’
Anyone, anywhere, who has data held on them by an
Their rights are:
- The right to be informed
- The right of access
- The right of rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision-making or profiling
Nine: Develop clear policies and protocols
Your
Policies and procedures will vary within different
Ten: Stay calm
Remember, if your
- what personal data is and how it is used
- why there is a need for change in data protection
- the new GDPR
- new legal requirements
- data maps
- Impact Assessments
- disposing of data and recycling
- new rights for ‘data subjects’
- promoting good practice
The course concludes with ten thought-provoking practical scenarios that cover issues such as Confidential Waste, Data Storage, CCTV, encrypted emails and managing visitors, and provides possible solutions to those issues.
The course costs £20.00 and you can buy online today.
Get in touch to find out more
Related articles:
What is The GDPR?
The General Data Protection Regulation or GDPR is the new law on how organisations can use personal data.
Read more
Introduction to the GDPR
On 25th May 2018, the General Data Protection Regulation (GDPR) will become law in all European member states, including the United Kingdom, which will still be a member at that time.
Read more