I gave a talk about GDPR recently. For those of you who asked for the slides (there were only 2!) you can grab them here. Also, here are those 10 points to prepare for GDPR:
- Check you have “notified” the Information Commissioner’s Office that you are a data user (“data controller”): a quick, cheap, straightforward online registration
- Use the data self-survey
- Implement & adhere to an internal data protection policy
- Appoint someone with responsibility for data, though you might not need a separate and dedicated Data Protection Officer
- Prepare for the new law: data protection by design & default, more robust rules around obtaining consent, data security measures, right to be forgotten, data portability, privacy impact assessments, Data Protection Officer, mandatory breach notification, larger fines
- Train your staff. This is a great way to try to reduce those fines.
- Check your data collection consent wording – is it plain and unambiguous and does it specify the purposes for collecting data?
- Check customer & supplier contracts – can you pass on responsibility for GDPR compliance? What about payment of fines? Public cloud providers often exclude all liabilities around data – does yours?
- Check your insurance extends to data protection breaches
Naturally, this is just a starter. Contact me if you want more detailed advice.