What is GDPR?
The General Data Protection Regulations came into force on 25th May 2018 – they are the new data protection laws. They aim to make privacy and protection of an individual’s data paramount and the consequences of getting it wrong can be very serious.
We can come alongside you and assist with a data audit to help you establish exactly what it is you have and then formulate a plan to ensure what you do with what you have is compliant with GDPR.
How do I become GDPR compliant?
You need to first know what it is you have and why you have it? Whose data do you hold, how did you get it, why did you get it, what are you doing with it? You then need to make sure that you are dealing with data in accordance with the following principles:
It has to be processed lawfully, fairly and in a transparent manner in relation to individuals
It has to be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
It has to be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
It has to be accurate and, where necessary, kept up to date;
It has to be kept in a form which permits identification of data subjects for no longer than is necessary
It has to be processed in a manner that ensures appropriate security of the personal data,
We can come alongside you and assist with a data audit to help you establish exactly what it is you have and then formulate a plan to ensure what you do with what you have is compliant with GDPR. We can draft appropriate policies and procedures and privacy statements and provide training for staff.
What do I do if I breach data protection?
If it is a serious breach then you have only 72 hours to report the breach to the Information Commissioners Office. Even if the breach is not reportable it is important that you take steps to assess how it happened and what can be done to prevent it from happening in the future. We can come alongside you to assist in reporting the breach and dealing with the Information Commissioner, we can assist with risk assessments, updating policies and procedures and training staff to help prevent breaches in the future.