Prepare for GDPR

Data keyboard padlockI gave a talk about GDPR recently. For those of you who asked for the slides (there were only 2!) you can grab them here. Also, here are those 10 points to prepare for GDPR:

  1. Check you have “notified” the Information Commissioner’s Office that you are a data user (“data controller”): quick, cheap straightforward online registration
  2. Use the data self-survey
  3. Implement & adhere to an internal data protection policy
  4. Implement an external privacy policy
  5. Appoint someone with responsibility for data but you might not need a separate and dedicated Data Protection Officer
  6. Prepare for the new law: data protection by design & default, more robust rules around obtaining consent, data security measures, right to be forgotten, data portability, privacy impact assessments, Data Protection Officer, mandatory breach notification, larger fines
  7. Train your staff. This is a great way to try to reduce those fines.
  8. Check your data collection consent wording – is it plain and unambiguous and does it specify the purposes for collecting data?
  9. Check customer & supplier contracts – can you pass on responsibility for GDPR compliance? What about payment of fines? Public cloud providers often exclude all liabilities around data – does yours?
  10. Check your insurance extends to data protection breaches

Naturally, this is just a starter. Contact me if you want more detailed advice.

Image courtesy of Stuart Miles at FreeDigitalPhotos.net

Advertisements

One thought on “Prepare for GDPR

What's your view? Leave a comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s