At Agile, we continually follow the GDPR guidance updates and can support and advise your business to assist with compliance.
GDPR acknowledges that organisations now handle most, if not all, data electronically. The regulations are designed to change mindsets with regard to protecting individuals' data.
Treat complying with GDPR as a commercial project – you need to be legally compliant, as do your clients, suppliers, and customers. Ensuring that you are fully protected will not only give peace of mind but also protect you from the hefty fines promised and potential reputational damage.
6 key ‘data handling’ principles to ensure your business complies with Data Protection Policy (2019):
- processed lawfully, fairly, and transparently
- collected for specified, explicit and legitimate purposes
- adequate, relevant, and limited to what is necessary
- accurate and kept up to date where necessary
- kept for no longer than is necessary where data subjects are identifiable
- processed securely and protected against accidental loss, destruction, or damage
Steps to follow:
- Companies should audit their current processes and create a stance that is an accurate representation of their new approach to handling personal data. Do not commit to a policy if you do not work to it.
- Consider what personal and sensitive personal data is obtained from employees
- How and where that data is stored, accessed, and used, and the basis for collecting, storing, and processing it
- What data is shared with third parties
- What kind of monitoring of employees takes place and where
Your GDPR Action Plan:
- Who is going to manage and champion the process
- Consider what documentation must be prepared or updated
- Review policies and processes and decide which to change
- Arrange an update training session
- Who else needs to be involved – do you need privacy policies from your suppliers?