This information is based on a checklist produced by the Information Commissioner’s Office:
- Make sure all of your staff are aware of the new legislation and their responsibilities in relation to it.
- Document all of the personal information you hold, including any information you may have in relation to any staff, and why you hold it. (You may need to carry out an audit to elicit this information.)
- Review your privacy notices and make any changes you need in order to be compliant with the legislation.
- Review the means by which you hold information and ensure that it is available in a format that satisfies the rights of data subjects. Are your deletion processes clear and well documented?
- Be prepared for the new requirements for Subject Access Requests.
- Identify and document the lawful basis for holding and processing personal data, and update your privacy notice if necessary.
- Review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the new standard.
- If you process any personal data relating to children you must make sure that all of the relevant consents, and processes for gaining consent in future, are in place.
- Make sure you have the right procedures in place to identify, manage and report a data breach.
- Familiarise yourself with the principles of Data Protection Impact Assessments and Privacy by Design and be ready to implement them in your organisation.
- Assess whether you are formally required to designate a Data Protection Officer (the person in the organisation with responsibility for data compliance). If you are, establish where they sit in the organisation and make sure you, they, and any other staff are fully aware of their role and responsibilities within the organisation in relation to the GDPR.
- If you carry out cross-border processing, make sure you know your lead supervisory authority.
Contact us to see how we can help you.