GDPR Checklist

OUR 15 POINT GDPR CHECKLIST FOR SMALL BUSINESSES

Whether you are a client of ROI Designs or not, as a small business, you probably already fulfil many of the requirements of the forthcoming General Data Protection Regulation (GDPR). It is most important that you cover your ar*e (CYA) as sticking your head in the sand and hoping that it will go away will not do you any good when you get fined.

The GDPR will replace the current Data Protection Act on the 25th May 2018, and the implementation of the new rules will not be affected by the UK leaving the EU, though some silly bureaucrats will probably spend a load of taxpayers' money renaming it.

We’ve created a 15-point checklist detailing the main principles and steps that your company should be considering in the lead-up to the introduction of GDPR. It is only a guide and, if in doubt, we suggest that you contact an expert in the field.

PERSONAL DATA

GDPR is likely to apply to your business if you process personal data or special categories of personal data, as a data controller or a data processor.

DATA MAPPING

Do an internal audit to determine what data you have – this includes how it comes into your business, how you process it, and also where the data is sent.

INTERNAL AWARENESS

Train and inform your employees on the impact of GDPR and how it will affect the running of your business.

INDIVIDUALS' RIGHTS

Make yourselves aware of the 8 rights that individuals have under the GDPR and ensure that your policies and procedures can deliver these rights.

DATA SECURITY

Ensure that all your data security, handling and processing arrangements are set out in policies or procedures and make sure that they are regularly reviewed and updated.

DATA PROTECTION

Make sure you complete a data protection impact assessment. This will help you determine how you can comply with your obligations under the GDPR; it is particularly applicable to large-scale or high-risk data processing.

DATA STORAGE

It is important to ensure that your systems store personal data properly and securely.

DATA MANAGEMENT

Ensure that data is securely deleted and unnecessary data is removed to minimise the risk of data corruption or loss.

REQUESTS FOR INFO

Make sure you have prepared a plan/policy for handling subject access requests or requests for additional information under the GDPR and make sure your team is aware of it.

DISASTER RECOVERY

Prepare a security framework and an emergency plan for a breach of security, outlining clearly how personal data is to be handled or secured and what employees should do.

PRIVACY POLICIES

Update and review your privacy policies for your customers, suppliers and third party data processors.

DATA CONSENT

In preparation for GDPR, review your data consent processes. Consent under GDPR must be: freely given, specific, informed and unambiguous. People must make a positive opt-in and you must provide a simple way for people to withdraw their consent.

DPIA

Do a Data Protection Impact Assessment on all new projects, or where you are using new technologies, where processing is likely to result in a higher level of risk.

DPO

We recommend that you appoint someone to take charge of your data protection obligations; this is, however, only a legal requirement for public authorities, where you process special categories of data on a large scale, or where you carry out large-scale monitoring.

THIRD PARTY DATA

Make sure that you obtain documentation to show compliance with the GDPR if you buy data or buy a client database from a third party.
