GDPR Less Than A Year To Go
On 25th May next year the General Data Protection Regulation (GDPR) comes into force. From that date, the maximum fine for failing to comply with the new regulations will be the higher of 4% of annual global turnover or €20 million. If you want to avoid a fine, what steps should you be taking now to prepare for the GDPR?
- Make sure that the key personnel within your organisation are aware of the GDPR. Governance measures should be implemented and training provided.
- Look at what data you collect and what you hold. Document where it comes from and who it is shared with. If necessary, carry out a Data Privacy Impact Assessment.
- Review your privacy notices to make sure that you are ready to provide all required information to the data subject.
- Look at your internal processes and update them as necessary to deal with the right to be forgotten, the deletion of data when it is no longer required, and how subject access requests are handled.
- Review how you obtain and record consents that you obtain from individuals. Pre-ticked boxes and opt-outs will no longer be a valid means of obtaining consent.
- Do you collect data about children? If so, you need to put in place systems to verify ages and to obtain parental or guardian consent to the collection of data.
- Review and update your procedures for dealing with data breaches: in future all breaches must be reported to the ICO within 72 hours.
- Appoint a data protection officer to take responsibility for compliance with the GDPR if you monitor data subjects on a large scale. Every business handling personal data will need someone to take responsibility for data protection even if a data protection officer is not required.
- If you transfer data outside of the EU, make sure you have the necessary safeguards in place.
If you would like to discuss the implications of the GDPR for your business please talk to Tollers on 01604 258558 and ask to speak to Liz Appleyard in our Commercial team.