GDPR will change the way all UK companies store and manage their business and personal data, including employee data, with the intent of strengthening and unifying data protection for all individuals. It will give people more control over how their personal data is used, and it will give businesses a simpler, clearer legal environment in which to operate.
The Information Commissioner's Office (ICO) will have the ability to issue much larger fines for data breaches and non-compliance than under the DPA, which is spurring many companies into action. But we believe GDPR should be seen as a great opportunity to get your organisation's data and processes in order by following best practice.
Organisations need to start by understanding their own data: what data they have, how they are storing it, how they use the data, and why they are keeping it. They should then carry out a risk assessment on that data. Data includes information you hold about your staff, your clients or service users and, potentially, data that you might store on behalf of clients through services that you provide to them. Once this review is complete, you should update your internal information security policies to ensure you are taking appropriate steps to protect the information, and are using it in a way that wouldn’t be a surprise to the individuals concerned.
We can assist you with a Readiness Review for GDPR, which will provide you with a report that shows how prepared you are for GDPR and outlines the gaps and activities you need to address before 25th May 2018. The Readiness Review provides a first step in your GDPR journey by considering how your organisation is positioned for 25th May 2018 and beyond. The review takes into account types of personal data (where it is held, whether it is secure, special types and recipients), existing privacy notices, policies and documentation, existing consents, as well as software used, third-party providers engaged and the requirement for a Data Protection Officer etc.
"GDPR has been a discussion point for a long time now, but many organisations that we talk to are still confused about how to ensure they are fully compliant with the new legal requirements. We’ll work with you to ensure that you’re fully compliant and to train staff on what they need to know to ensure ongoing good practices and safe working, in order to protect you and your data subjects."