The General Data Protection Regulations (GDPR) came into force on 28th May 2018. Many businesses both large and small still need to prepare for the changes. Here are 5 top tips to help you prepare.
- Customer Journey
Think about the journey each customer takes through your business and the points at which you may be collecting personal information from them. Do you have a contact sheet on your website or an integrated CRM system? Look at each of these points along the customer journey and check whether you have the right protection and correct wording in place. Record your findings and any processes or changes that you put in place.
- Where is your data?
It is important to find out and record where and how your data is stored. Make sure that you note all physical and electronic means. Once you have an audit of your storage, you can check that it is GDPR compliant. Making sure you store your information securely is paramount, and locksmith companies in Doncaster such as https://www.danumlocksmiths.co.uk/ can advise you on secure locks.
- How do you destroy data?
Are you holding on to data that is no longer needed? If so, now is the time to think about destroying this information. It is also important that you have a process for destroying information in the future, whether because it is no longer relevant, because it is out of its time frame, or because an individual has made a personal request to have their data deleted under the ‘right to be forgotten’.
- Update your security and data policies and procedures
A key element of GDPR is that policies and procedures must be easy to access and easy to understand, so now is the time to dust off your old policies and give them a revamp. You may also want to think about whether it is necessary for you to appoint a Data Processing Officer (DPO) and train them more substantially in the requirements of GDPR.
- Seek advice from the experts
GDPR can be a bit of a minefield, so make sure you are fully informed. The Information Commissioner’s Office (ICO) have a dedicated section for GDPR, which can be found at the following link: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ . There are also many organisations holding GDPR workshops and seminars. It is worth investigating what is available in your area.