With less than a month to go now before GDPR comes into force on 25 May 2018, we are busy helping clients with their compliance. GDPR requires us all to demonstrate our compliance rather than assuming it in the absence of any complaint or fines.
In order to demonstrate our compliance there are various actions that we can take:
- Undertake a data audit – GDPR requires us to give our staff, customers and contacts much more information in relation to their data. We cannot do this unless we understand what data we hold, why, who sees it, where it is stored and how long we keep it. An audit is the most appropriate way to truly understanding our data.
- Prepare your record of processing activities – GDPR requires all businesses to have such a record. This is an internal document which sets out in broad terms the processing activities you undertake. It is a requirement for all businesses with over 250 employees or which process special categories of personal data. Remember that this includes medical data and so even small businesses may be caught if they have any employees with medical issues.
- Implement Privacy by Design measures – GDPR requires us to consider data minimisation at all times – what do we need to keep and what can we get rid of, how can we minimise the data that we hold?
- Conduct Impact assessments if required – where you are considering a change to your data processing activities, either by implementing a new system, or outsourcing a business function, you must carry out an impact assessment.
- Review all data processing contracts to ensure that they are compliant going forward – GDPR introduces new liability for data processors and their contracts must be in writing and be clear as to the precise scope and nature of the processing tasks that you are asking them to undertake.
- Train staff and engender a new culture which looks at data protection compliance as a part of our daily business life.
If you require more help with your GDPR compliance, please contact us.
Tidman Legal is a firm of specialist intellectual property and business lawyers based in Edinburgh.