If you are concerned that your GDPR compliance is not what it should be, then you are certainly not alone.
In fact, it has recently come to light that the Information Commissioner's Office itself is not quite there yet when it comes to GDPR-compliant practices. The ICO, which is responsible for regulating UK data laws, has admitted that its current consent notice relating to the use of cookies on devices failed "to meet the required GDPR standard".
This has led industry experts to ask: if the ICO cannot follow its own advice, how can the rest of us be expected to? The ICO has apologised for the error and is looking to rectify it within the coming 2 weeks, but we can see from this that falling short of the requirement does happen. This is the time to act to ensure that best data policies and practices are in place, not only for regulatory compliance, but to safeguard the trust your data subjects place in you.
Perhaps you originally assessed your data and requirements before the GDPR implementation date (25th May 2018), and if so, now would be an ideal time to review this to make changes to processes where necessary. Or maybe you are still trying to get off the ground and are not sure where to start. In either case, there are some simple steps you can follow to get you on the right track to compliance.
1. Know your data
The first and most important step is to know what data you are holding, why you are holding it, and what you are doing with it. The best way to do this is to conduct a company-wide data audit. Make sure everything is included, from computer files to the notebooks on desks. Note down your legal basis for holding the data, how long you keep it for, and what you do with it.
2. Create and maintain your policies
Once you know what data you have, you will need GDPR-compliant policies to help manage this data. A good place to start is a data protection policy.
3. Staff Training
What use is a well-thought-out, robust policy that nobody implements, or even reads? The key to effective data management is making sure each member of staff is aware of their individual responsibilities. This would begin with a thorough induction.
4. Regular Reviews
In many organisations, data will be coming and going all of the time. It is important to know what your company is holding at any one time. Regularly reviewing your data and policies will make overall management far easier.
5. Software for Compliance
Managing data on a daily basis can be cumbersome. There are many areas to consider, as we have explored above. Managing your responsibilities under the GDPR can be made much easier with a software solution like IComply from MEO-Business.