How Businesses can prepare for GDPR Deadline
What is GDPR?
Announced in 2016, the new EU General Data Protection Regulation (GDPR) will come into force on 25th May 2018. The aim of the new regulation is to ‘harmonise’ data privacy laws across Europe as well as give greater protection and rights to individuals. The regulation, in particular, will affect companies who process data of EU residents. However, all individuals, organisations and companies will be impacted, whether they are ‘controllers’ or ‘processors’ of personal data. Under the new regulation, the ‘destruction, loss, alteration, unauthorised disclosure of, or access to’ people’s data has to be reported to a country’s data protection regulator, where it could have a detrimental impact on those who it is about.
How to prepare for GDPR
The ICO have outlined 12 steps for businesses to take to prepare for GDPR:
- Make sure decision makers and key people in your organisation are aware of the changes.
- Document what personal data you hold, where it came from and who you have shared it with.
- Review current privacy notices and plan for any necessary changes.
- Check your procedures to ensure they cover individual’s rights.
- Update procedures.
- Identify the lawful basis for processing personal data.
- Review how you seek, record and manage consent.
- Verify whether you need to put systems in place to verify individual’s ages.
- Check you have the right procedures in place to detect data breaches.
- Familiarise yourself with ICO’s code of practice on Privacy Impact Assessments.
- Designate someone to take responsibility for data protection.
- If your organisation operates in more than one EU member state, you should determine your lead data protection supervisory authority.