It feels like we have been talking about the arrival of the General Data Protection Regulation (GDPR) for a lifetime, but the final countdown is on, with the official go-live date just around the corner (May 25).


Countdown to GDPR


Here at eyefall, we have been working hard to ensure we are GDPR compliant, not just for ourselves but for every client we work with, for whom we fulfil a range of digital, e-commerce and direct marketing solutions both within and outside the European Union.

There is a lot of information on the topic, and as you search online the task can seem impossible, but trust us, it can be done! We have broken it down into bite-size chunks to help you ensure you have the main elements covered in time for May 25th.

"The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU)."

1) What is GDPR and what does it mean?

Start by sourcing a simple document outlining the updates GDPR brings and the terminology it uses. You will hear the words controller, processor, breach, data protection officer and the like over and over again; know what they mean from the beginning and, trust us, it will make life much easier.

2) Training & Awareness

Get the key members of the business involved from the beginning to help you cover all areas of your organisation. Arrange a GDPR briefing session with your employees and key stakeholders to ensure all staff have an understanding of the new legislation and the role they play in implementing it.

3) Create a Personal Data Inventory

Think about every bit of personal data your company holds: employee data, online or in-store data collection points, financial data, etc. Create a data map detailing what data you hold, why you hold it, how you collect it and where it is stored. If you transfer any data outside of the EU, or deal with third parties with servers outside of the EU, put together an international data transfer policy and ensure any other processors/sub-processors have the correct international safeguards in place. This can be tedious, but it is a great way to see the weak points in your business when it comes to personal data and to highlight key areas to focus on.

4) Identify If You Are a Controller or Processor and Your Legal Basis

Think about whether you are the controller or the processor, as well as your legal basis for holding/processing this data. If you cannot make a legal/business case for storing this data, delete it. Do not retain data you know you shouldn't have or do not need; you are only exposing yourself. Don't be a data hoarder!

5) Perform Assessments on All Third Parties, Freelancers or Contractors

Do you send data to third parties for processing, or are you a processor that uses sub-processors to fulfil a service to the end customer? If so, carry out supplier assessments on all your suppliers/contractors to ensure they are GDPR compliant, protecting the data you are entrusting them with and protecting your business in the process.

6) Contractual Agreements

One of the biggest changes GDPR introduces is the need to have controller/processor contracts. Once you have completed your supplier assessments and are happy with your suppliers' compliance, create new contracts outlining the data they will be processing. Describe the purpose of this processing, as well as outlining the security and storage of the data and for how long it will be retained. There are templates available online to assist you with these, including all the relevant GDPR compliant wording.

7) Identify if Your Business Requires a Data Protection Officer (DPO)

Not all businesses are required to create this role. Visit the ICO website for further clarification on whether yours does.

8) Update Your Privacy Policies and Terms and Conditions

This is the perfect time to ensure your company has all the relevant policies and procedures in place and to communicate these updates both internally and externally. GDPR has created enhanced rights for the individual to ensure their data is handled correctly; outline these rights, such as the right of access, within your privacy policy, ensuring the policy is straightforward and transparent. View our latest Privacy Policy here for some guidance.

9) Update your Security and Breach Notification Policies

Data breaches must now be reported within 72 hours. Educate your team on the security systems and protocol in place should there be a data breach within your organisation. Create a simple data breach notification form which is clear and easy to understand, and circulate it internally along with your company protocol; this will make any breach less chaotic and more manageable should you be unlucky enough to have one.

10) Keep Up to Date

So, you've done it: you have all your policies, contracts, confidentiality agreements and training complete. What now? It is vital that you keep up to date with GDPR and continuously update your systems to ensure continual compliance. Keep a record of the data you are processing, ensuring you are adhering to all the terms laid out in your contracts regarding retention, storage and usage of data. Give your staff regular updates and training, ensuring they are kept up to date with any changes in policies and procedures in your organisation. Everyone in the organisation has a part to play in ensuring your data is protected; make sure you communicate this.

Implementing these effective measures will protect the personal data of your customers, employees and other stakeholders, and ensure data is processed lawfully, fairly and transparently.

Summary

Don't get caught out by just hoping your organisation goes unnoticed; start the process today if you haven't already. GDPR has been created to protect all of our personal data, to ensure we as consumers receive the communications we want, and to protect our data from falling into the wrong hands.

As for us as a business, we see it as an opportunity: an opportunity to break through the spam and get our products and services in front of the right customers, an opportunity to update all our policies and procedures and engage with our employees, and an opportunity to showcase our business, further enhancing the trust our clients have in us.


*Please note this is not legal advice and is the opinion of eyefall only. Policies and procedures will vary by business; if you are unsure, seek legal advice to ensure compliance.