We have all heard about the new Regulations which will be effective from 25th May 2018, but are you ready for this latest piece of legislation which amends the Data Protection Act? Teme HR Consultancy have put together the top 10 things to think about with this new piece of legislation:
- Ensure all personal data is kept securely and that you have processes in place to ensure this security. A breach of security in which personal data becomes known to those outside of the organisation is what could lead to fines being issued, which, as stated by the Regulations, are up to 4% of your turnover.
- Assess all procedures for processing personal data so that you are fully aware of who will come into contact with it. You need to be transparent about who will be handling the data so that the data subject is aware of who will see their data.
- Gain complete understanding and buy-in from all senior leadership teams so that they are fully aware of the new Regulations. Leading from the top is the best way to help ensure compliance and full understanding.
- Assess why you need any personal data you hold. Do you have a legitimate business reason for holding this data? If not, assess whether you have consent from the individual.
- Review all places you hold data: hard copy files, electronic databases, spreadsheets of information, and emails where you have passed data to someone else within the company or even outside. Is this data secure? Has it gone outside of the business? Does the data subject know their data could be sent to these people?
- Are your privacy notices up to date? Do they reflect the changes in regulations? These may need addressing to ensure they comply with the new Regulations.
- How do your suppliers process personal data, and what have they in place? Additional requirements are being introduced when using data service providers outside of Europe, and your suppliers should be aware of these changes by now.
- Have you considered IP addresses as personal data? This could be part of the Regulations. Ensure you are fully aware of IP addresses as well as any other online applications and how they are stored and accessed.
- Do you have CCTV? Have you the right policies in place to ensure you are monitoring with consent?
- The key question is – do I really need this data?
So, are you GDPR ready? If you need any further advice on the above, want help ensuring your business is ready for the new Regulations, or would like an audit of your current situation, please do not hesitate to call one of our HR Consultants on 07989 343361 or email us on firstname.lastname@example.org and we will be happy to talk it through with you.