Remember GDPR is fast approaching! Come May 2018 businesses must all adhere to the new rules concerning personal data and consent. For small businesses looking into the new legislation now, it should be easy to get your data in order in time. I’ve created a checklist for small businesses so they can make sure they don’t miss anything.
To quickly recap, the new legislation is being brought in as a data protection act to change the way companies are storing and using data.
Know your data.
Your business will need to be able to demonstrate an understanding of the types of personal data (e.g. name, address, email, bank details, photos) and sensitive data (for example health information or their religious views) you hold. You also need to record where they’re coming from, where they’re going and how you’re using that data. The data must be from all customers, employees, suppliers and partners.
Are you relying on consent to process personal data?
You need to sit down and identify whether you’re relying on consent to process personal data. So if you are, will become more difficult under the GDPR legislations. Consent now needs to be clear, specific and explicit. For this reason, you should avoid relying on consent unless absolutely necessary.
Review security measures and policies.
These will need to be updated to ensure they’re GDPR-compliant, and if you don’t currently have any, you still have time to get them in place to avoid the penalties.
Train your employees to report a breach within 72 hours.
Make sure all employees understand what personal data is. It’s also important that everybody involved in your business is aware of a need to report all mistakes person or team responsible for data protection compliance in your business. If you have more people trained, looking for and reporting breaches, you are less likely to break the new legislation.
Does your supply chain meet the new legislation?
You should ensure that all suppliers, partners and contractors are GDPR-compliant to avoid being impacted by any breaches and consequent penalties. You’ll also need to ensure you have the right contract terms in place with all external links.
Create fair processing notices.
Under the new GDPR legislation, you’re required to outline what you’re doing with individuals personal data. You have until May to get the processes in place. Set deadlines now to get your company on track.
GDPR is real, and the introduction of the new data protection legislation is fast approaching. Get your personal data in order now by using this checklist.
Share and enjoy
If you have any questions or comments about this post, please fill in the comment box below. Or send me an email: firstname.lastname@example.org. To find out more about bOnline, please visit our website.