Prepare for GDPR

I gave a talk about GDPR recently. For those of you who asked for the slides (there were only 2!) you can grab them here. Also, here are those 10 points to prepare for GDPR:

  1. Check you have “notified” the Information Commissioner’s Office that you are a data user (“data controller”): quick, cheap, straightforward online registration
  2. Use the data self-survey
  3. Implement & adhere to an internal data protection policy
  4. Implement an external privacy policy
  5. Appoint someone with responsibility for data, but you might not need a separate and dedicated Data Protection Officer
  6. Prepare for the new law: data protection by design & default, more robust rules around obtaining consent, data security measures, right to be forgotten, data portability, privacy impact assessments, Data Protection Officer, mandatory breach notification, larger fines
  7. Train your staff. This is a great way to try to reduce those fines.
  8. Check your data collection consent wording – is it plain and unambiguous and does it specify the purposes for collecting data?
  9. Check customer & supplier contracts – can you pass on responsibility for GDPR compliance? What about payment of fines? Public cloud providers often exclude all liabilities around data – does yours?
  10. Check your insurance extends to data protection breaches

Naturally, this is just a starter. Contact me if you want more detailed advice.

Image courtesy of Stuart Miles at
