GDPR Special Edition
On 25th May, new General Data Protection Regulations come into force.
What does this mean?
GDPR acknowledges that organisations now handle most if not all data electronically. The regulations are designed to change mindset with regards to protecting individual’s data.
Treat complying with GDPR as a commercial project – you need to be legally compliant, as do your clients, suppliers and customers. Ensuring that you are fully protected will not only give peace of mind but also protect you from the hefty fines promised and potential reputation damage.
6 key ‘data handling’ principles to ensure your business complies with the new Data Protection Policy;
• processed lawfully, fairly and transparently
• collected for specified, explicit and legitimate purposes
• adequate, relevant and limited to what is necessary
• accurate and kept up to date where necessary
• kept for no longer than is necessary where data subjects are identifiable
• processed securely and protected against accidental loss, destruction or damage
Steps to follow:
1) Companies should audit their current processes and create a stance that is an accurate representation of their new approach to handling personal data. Don’t commit to a policy if you don’t work to it.
a. Consider what personal and sensitive personal data is obtained from employees
b. How and where that data is stored, accessed and used, and the basis for collecting, storing and processing it
c. what data is shared with third parties
d. what kind of monitoring of employees takes place and where.
Your GDPR Action Plan:
• Who is going to manage and champion the process;
o consider what documentation must be prepared or updated
o review policies and processes and decide which to change
o arrange an update training session
o who else needs to be involved – do you need privacy policies from your suppliers?
If you would like to know more about how we can assist with developing the people section of your business please contact us; firstname.lastname@example.org/ 07990 537522