Five steps to GDPR compliance


In case you’ve missed it, there’s just over a year until the General Data Protection Regulation (GDPR), the EU’s new data protection rules, supersedes the UK’s Data Protection Act in May 2018 – no doubt you’ll have seen various tickers or timers counting down the months, weeks and days.

Moving towards readiness for compliance doesn’t have to be complicated. Whilst the law itself is complex and introduces a number of changes to the way data can be processed as well as rights for data subjects, it’s actually just an extension of what businesses should already be doing under the current UK regime.

But businesses are best advised to start thinking now about whether they need to change any of their data processing practices, marketing processes or the ways in which they collect data. With that in mind, here are five steps to get your organisation ready for the change:

1. Get to know the GDPR

If you’ve not yet worked out what the GDPR is all about, then it’s probably a good time to start at least reading up on it. That’s not too much of a problem, given that there’s already some sound advice available, not least from the Information Commissioner’s Office (ICO) on its Data Protection Reform website. It’s also worth subscribing to the ICO blog to keep up to date with the ICO’s GDPR thinking (for example, it is currently consulting on the serious matter of consent). And don’t forget there’s also the Digital Compliance Hub news and alert service (and the Hub itself once we’re ready to launch).

2. Review your data

Audit and review the data you store, how you process it and whether your current processes are fit for purpose under the new regime. You need to be sure that the data you already hold satisfies the new consent rules and, if it doesn’t, work out what you need to do to rectify that.

3. Review your policies

You need to look at your current policies and the underlying processes (which should be following those policies) to make sure they’re up to scratch. Your privacy policies are undoubtedly going to need an update because of the new rules around consent, and your policies in general need to reference the GDPR rules and not the Data Protection Act.

4. Put a plan in place

Once you’ve worked out how the GDPR impacts your business, the data you store, process and manage, and which policies need updating, get a plan in place so you know you can deliver in time for the May 2018 deadline. Your plan needs to set out what has to change within your organisation (and if steps 2 and 3 prove tricky to carry out simply, you may need to start with a formal data audit across your business), set timescales and identify the key internal stakeholders responsible for delivering change in the various areas of the business. You may even need to nominate someone within your business (or outsource the role) to project manage the plan.

5. Train your team

You also need to make sure all your employees, especially those in areas of the business that manage data processes or process data to fulfil their job roles (e.g. customer services, tech support, marketing), are trained to understand what’s changing and what role they have to play in ensuring ongoing compliance with the new rules. And if they’re trained on the GDPR and what it means for your business, they’ll also understand the purpose of your plan and what they need to do to help deliver it.

So, on the face of it, all very straightforward and only a few steps. In reality, depending on the scale of the data you collect, process and store, it is potentially a massive job, which puts those tickers and timers counting down the time left to compliance into context – it’s not much time at all.

Of course, help is on hand – when the Digital Compliance Hub launches (later this month) you’ll immediately have access to the information, guidance, policies and support you need to make sure you’re compliant. If a subscription-based solution works for your organisation, whether you’re looking for self-help or onsite help, there’s a cost-effective solution to ensure not just data protection compliance, but privacy and marketing compliance too, along with cyber security advice to protect your business and your customers.

If you want to be one of the first to find out when the Hub goes live, then sign up to our alert and news service and we’ll be sure to let you know.
