GDPR is Here: Are You Taking Action Yet?
With GDPR about to hit this Friday, there’s no excuse to not be taking steps towards compliance. Failure to do so will now result in hefty fines, but don’t panic: as long as you can demonstrate that you’re moving towards compliance, the ICO (Information Commissioner’s Office) are more likely to be lenient.
If you haven’t already familiarised yourself with the ICO’s 12 Steps to take now
checklist, now is definitely the time to do so.
Have you assigned a Data Protection Officer yet?
It’s important to make sure you have designated an individual who ensures that your company understands the regulation and is compliant. This is particularly vital for companies who collect and process large amounts of personal data, or data concerning children. Whilst this individual should take responsibility for your overall data protection compliance, it is recommended that a person in every department is acquainted with the GDPR to help filter compliance through the organisation.
Do you know where your local supervisory authority is located?
Your Data Protection Officer should also be made aware of where the nearest GDPR supervisory authority is located, as well as their contact information. If your business breaches the new data regulations, the supervisory authority must be notified of it within 72 hrs. For more information on reporting a breach, visit the ICO website here.
Have you invested in training for your employees?
It is also important to ensure your employees are fully aware of the new regulations and are appropriately trained on the subject. Training and education should be an ongoing process, updated to suit any further clarifications to the regulations, to make sure that your company does not breach privacy rights at any time.
Have you completed a current data assessment?
Carrying out a current data assessment is essential to understanding how data is currently being collected, including the way in which your company gains consent from individuals, and the security measures taken to protect data. Ideally a current data assessment should have been carried out prior to GDPR, however, if you haven’t already done so, this is a good way to demonstrate your efforts towards compliance.
Have you reviewed your privacy policy?
As well as ensuring you have completed a current data assessment, it’s also vital to review your website’s privacy policy. Due to GDPR, there are additional changes that should be made to privacy policies, such as needing to explain your lawful basis for processing data and your data retention periods. Therefore, it’s important to make sure your privacy policy reflects the new requirements of GDPR.
Have you deleted data you no longer need?
Before GDPR, many companies collected as much data about their customers as possible – even if it wasn’t necessary. With the introduction of GDPR, it’s important to consider that any data you hold is a risk and must be protected, so it’s easier just to delete the data you don’t need. It is also vital that you delete any unnecessary personal data that was obtained without consent, unless you plan on explicitly asking for consent immediately.
Have you got an adequate CRM system?
With Customer Relationship Management (CRM) systems such as Infusionsoft, you can ensure that all of your customers’ data is safely stored. Infusionsoft also makes it easy for you to manage your lists of data, clearly see when consent has been obtained and easily remove data if requested.
Whilst you should be taking the relevant steps to ensure your business is GDPR compliant, don’t panic if you aren’t 100% compliant just yet. Implementing a completely new data protection programme takes time and understanding, so focus on the audit trail that proves you’re continuously taking steps towards compliance.
Looking for advice on which Customer Relationship Management systems can help support you with complete data compliance? Call our team on 01462 262020, or email us at hello@focus7int.com.
