The GDPR comes into force on 25th May 2018, but organisations are advised to start preparing for the changes as soon as possible, both to avoid non-compliance and to ensure that any changes to processes and procedures can be tested and that training can be implemented in good time.
Here is a list of some of the key items to consider and plan for when preparing your organisation for the General Data Protection Regulation:
- Ensure understanding of the new GDPR obligations
- Put in place HR, legal, IT and compliance teams
- Carry out a data audit
- Carefully assess current HR and marketing data, and related processing activities
- Identify any gaps in compliance with the GDPR
- Marketing databases will almost certainly need to be cleansed
- Review current privacy notices and update them
- All information must be easy for individuals to understand
- Assess the legal grounds for processing personal data
- Check whether the consent obtained meets GDPR requirements
- Ensure a procedure exists to support prompt notification of any breach
- Train employees to recognise and address data breaches
- Put appropriate policies and procedures in place
- Determine whether a data protection officer must be appointed, and think about how best to recruit, train and resource one