In case you’ve missed it, there’s just over a year until the General Data Protection Regulation (GDPR), the EU’s new data protection rules that will supersede the UK’s Data Protection Act in May 2018 – no doubt you’ll have seen various tickers or timers counting down the months, weeks, days…
Moving towards readiness for compliance doesn’t have to be complicated. Whilst the law itself is complex and introduces a number of changes to the way data can be processed as well as rights for data subjects, it’s actually just an extension of what businesses should already be doing under the current UK regime.
But businesses are best advised to start thinking about whether they need to change any of their data processing practices, marketing processes or ways in which they collect data, so with that in mind, here are five steps to get your organisation ready for the change:
1. Get to know the GDPR
If you’ve not yet worked out what the GDPR is all about then it’s probably a good time to start at least reading up about it. That’s not too much of a problem, given that there’s already some sound advice available, not least of all from the Information Commissioner’s Office (ICO) on their Data Protection Reform website. It’s also worth subscribing to the ICO blog to keep up to date on the ICO’s GDPR thinking (for example, they’re currently consulting on the serious matter of consent). And don’t forget there’s also the Digital Compliance Hub news and alert service (and the Hub itself once we’re ready to launch).
2. Review your data
Audit and review the data you store, how you process it and whether your current processes are fit for purpose under the new regime. You need to be sure the data you already have fits within the new consent rules and, if it doesn’t, work out what you need to do to rectify that.
3. Review your policies
You need to look at your current policies and the underlying processes (which should be following those policies) to make sure they’re up to scratch. Your privacy policies are undoubtedly going to need an update because of the new rules around consent, and your policies in general need to reference the GDPR rules and not the Data Protection Act.
4. Put a plan in place
Once you’ve worked out how the GDPR impacts your business, the data you store, process and manage, and which policies need updating, get a plan in place so you know you can deliver in time for the May 2018 deadline. Your plan needs to set out what needs to change within your organisation (and if steps 2 and 3 prove tricky for your organisation to carry out simply, you may need to start with a formal data audit across your business), set timescales and identify the key internal stakeholders responsible for delivery in the various areas of the business. You may even need to nominate someone within your business (or outsource the role) to be responsible for project managing the plan.
5. Train your team
You also need to make sure all your employees, especially those in areas of the business who manage data processes or process data to fulfil their job roles (e.g. customer services, tech support, marketing), are trained to understand what’s changing and what role they have to play in ensuring ongoing compliance with the new rules. And if they’re trained on the GDPR and what it means for your business, they’ll also understand the role of your plan and what they need to do to help deliver it.
So, on the face of it, it’s all very straightforward and only a few steps. In reality, depending on the scale of the data you collect, process and store, it is potentially a massive job, which puts into context those tickers and timers counting down the time left to compliance – not much time at all!
Of course, help is on hand – when the Digital Compliance Hub launches (later this month) you’ll immediately have access to the information, guidance, policies and support you need to make sure you’re compliant. If a subscription-based solution works for your organisation, whether you’re looking for some self-help or onsite help, there’s a cost-effective solution to ensure not just data protection compliance, but privacy and marketing compliance too, along with cyber security advice to protect your business and your customers.
If you want to be one of the first to find out when the Hub goes live, then sign up to our alert and news service and we’ll be sure to let you know.
Providing cost-effective, simple-to-understand and practical GDPR and ePrivacy advice and guidance, via my one-stop-shop helpline. I ❤️ GDPR