How to prepare for the GDPR

The GDPR comes into force on 25th May 2018, but organisations are recommended to start preparing for the changes as soon as possible to avoid non-compliance and ensure that any changes to processes and procedures can be tested, and that training can be implemented in good time.

Here is a list of some of the key items to consider and plan for when preparing your organisation for the General Data Protection Regulation:

  • Ensure understanding of the new GDPR obligations
  • Put in place HR, legal, IT and compliance teams
  • Carry out a data audit
  • Carefully assess current HR and marketing data, and related processing activities
  • Identify any gaps with complying with the GDPR
  • Marketing databases almost certainly will need to be cleansed
  • Review current privacy notices and update them
  • All information must be easy for individuals to understand
  • Assess the legal grounds for processing personal data
  • Check whether or not consent obtained meets GDPR requirements
  • Ensure procedure exists to assist prompt notification of any breach
  • Train employees to recognise and address data breaches
  • Put appropriate policies and procedures in place
  • Determine whether data protection officer must be appointed and think about how best to recruit, train and resource one

Want to know more?

Click here to view SA Law's dedicated GDPR hub page for more practical information, views and insight from our expert teams. 

CONTACT CHRIS

If you would like more information or advice relating to this article or an Employment law matter, please do not hesitate to contact Chris Cook on 01727 798089.
Read our latest views & insight about the GDPR
SA Law Red arrow neon light image
Views & Insights
What to expect in Data Protection Law in 2019

Our Data Protection Team highlight what we can expect to see from the Data Protection Act in 2019 and the potential impact of E-Privacy Regulations.

Read More
SA Law Red arrow neon light image
Views & Insights
Google issued with £44m fine over GDPR breach

Head of Employment and Data Protection, Chris Cook, explains Google's GDPR breach that led to landmark £44 million fine.

Read More
SA Law Red arrow neon light image
Views & Insights
Vital GDPR considerations when acquiring a company

Alasdair Bleakley talks to Acquisitions Daily about an important and difficult hurdle in corporate transactions: the GDPR.

Read More
SA Law Red arrow neon light image
Views & Insights
GDPR - 6 Months On

Partner and Head of Employment & Data Protection Chris Cook comments on the impacts of GDPR over the past 6 months.

Read More
SA Law Red arrow neon light image
Views & Insights
ICO publishes passwords and encryption guidance

Partner, Chris Cook, identifies the new ICO guidance on passwords in online services and encryption under GDPR.

Read More
Stained glass window Employment SA Law
Views & Insights
GDPR and SARs; staying compliant and protected

Partner and Head of Employment & Data Protection, Chris Cook writes in Education Executive about the GDPR and SARs.

Read More
Red arrow light
Views & Insights
Divorce and the GDPR

In the Financial Times Adviser, Marilyn and Chris discuss the implications of being jointly instructed by one party in the proceedings.

Read More
SA Law Red arrow neon light image
Views & Insights
GDPR: A five step guide to dealing with a data breach

Chris Cook shares a five step guide to dealing with a data breach including assessing risk & reporting.

Read More