Want to get your records management policies in order? Here are Simon’s top tips.
New regulations and increases in both data, and data breaches, have provided IT decision makers and records managers with the […]
1. Undertake a comprehensive data audit of all the data in your business. Until you know what data you have and where it is, GDPR compliance is impossible.
2. Review your privacy policies immediately and start changing the way you collect data. Make sure you tell people why their information is needed, what it will be used for and what rights they have. And don’t hide it away in small print. Under GDPR, personal data can only be held where you have a lawful basis for processing it; consent is one such basis, and where you rely on it, that consent must be freely given, specific, informed and unambiguous.
3. Not all businesses need to appoint a data protection officer under GDPR – but in reality every business needs someone to take responsibility. Define that role now.
4. Dismiss any temptation to think GDPR is an issue for the IT department. It isn’t. It’s a company-wide issue which requires board-level leadership – and buy-in from every employee.
5. Budget now for the challenges ahead, because there will be some significant outlays – whether that is to upgrade systems, complete data audits or to handle future requests from the public for their data to be corrected or deleted.
6. Think now about the thousands of boxes you may have in storage. GDPR doesn’t only apply to digital data – if personal data is stored on paper in the warehouse then the regulation still applies. It may prove more cost-efficient to securely destroy paper records which no longer need to be kept by law. Storing them ‘just in case’ is poor practice and could be costly.
7. Think about some of the positives you may be able to take from being GDPR compliant. How can you use data better in future and how can you make it work harder for you? Also consider how being compliant could boost your reputation and increase customer demand – rather than focusing on the big fines being discussed.
8. There isn’t long until GDPR comes into force, but that doesn’t mean there isn’t time to get ready. Companies which start the process now have a better chance of compliance in the long term – and stand a better chance of an understanding approach from the authorities in the short term. If you are going to panic, panic slowly – and prepare in the right way no matter how long it takes.
9. Identify the inherent risks in your business and ascertain which processes could cause harm. Which areas of the business are most at risk of a data breach? And which external threats exist? Pay particular attention to areas of the business where you use a third party or where processes are outsourced, since your responsibility for the personal data does not end when it leaves your own systems.
10. Training is key to avoiding data breaches, and it should start immediately. Despite the high-profile incidents where hackers and data thieves have embarrassed big companies, a large share of data breaches are still down to human error. Training is vital.
Make sure you’re prepared for GDPR by contacting our experts here.
You’ll discover how to prepare for GDPR through our risk and readiness assessment, which helps you review your risk profile and create an action plan to ensure compliance with the regulation.