Here are our top 10 practical tips to get ready for the GDPR:

1. Fully understand why you collect and hold data. The GDPR requires you to give more information to individuals explaining how their data is used – you can only do this if you understand the reason why you collect and hold it in the first place.
2. Stop collecting data you don’t have a legitimate need for – addressing point 1 should help you identify where changes can be made.
3. Update your privacy notices to provide the additional information required by the GDPR.
4. Treat data such as IP addresses and other online identifiers as personal data.
5. Review your consent practices to bring them in line with the GDPR’s standards. Many organisations we talk to are relying on consent when they don’t need to – could you be doing the same?
6. Train staff on the enhanced data rights given to individuals by the GDPR. All staff should be aware of key changes, such as no longer being able to charge for responding to subject access requests.
7. Assess how long you retain data for, and how you store and secure it. The GDPR doesn’t necessarily require you to change your practices on these points, but you shouldn’t hold on to personal data for longer than you need to, and it needs to be kept secure.
8. Amend all of your data contracts. Even if they comply with the current law, they will need to meet additional requirements introduced by the GDPR.
9. Speak to any suppliers or partners who process personal data for you. Additional requirements are being introduced when using data service providers outside of Europe, and your suppliers should be aware of these changes by now.
10. Keep records of what you are doing to prepare for the GDPR. Organisations will need to evidence their compliance with the legislation, under a new “accountability” concept included by the GDPR.
Covering the above points is a good start to understanding your data profiles, after which you can begin to build effective processes, security and incident response, and be as prepared as possible for the new data protection regime. For help becoming compliant or staying compliant, have a chat with our experts.
GDPR with Protech
Protech Communications is a limited company registered in England Reg No 5878306, VAT No 8929 158 72 Head Office, The Elms, Chapel Road, Boston, PE22 9PW