GDPR Starts Today (25th May)
It’s finally here and, would you believe it, the world is still spinning! It hasn’t all come to a grinding halt after all.
GDPR was all over the radio this morning (including our own interview on Radio Solent) and it was interesting listening to Elizabeth Denham this morning on BBC Radio 4 talk about implementation from the ICO’s perspective.
It was reassuring to hear that the ICO is not ‘looking for perfection’; she said that they were not going to penalise businesses that were actively trying to be compliant and that the large-scale penalties would not be levied at smaller businesses.
So how do we demonstrate our compliance?
You should:
- Undertake an audit – it is important to understand what data you hold, what you do with it, which legal ground you rely on in order to process it, who else you share it with, how long you hold it for and whether or not it goes outside of the EEA (look at where your servers are located!);
- Communicate this information to your customers (through your privacy notice and Terms & Conditions), your staff (through a staff privacy notice) and website users (online Privacy Notice);
- Train your staff;
- Review your marketing policy and ensure you have consent where you are sending marketing communications by email to consumers;
- Bring about a culture shift – we all need to consider data protection in our daily business lives.
And at all times, try to abide by the fundamental data protection principles, which state that personal data must be:
- Processed fairly and lawfully (lawfulness, fairness and transparency)
- Processed for limited purposes and not in any manner incompatible with those purposes (archiving in the public interest, scientific or historical purposes allowed) (purpose limitation)
- Adequate, relevant and not excessive (data minimisation)
- Accurate and up to date (accuracy)
- Not kept for longer than is necessary (storage limitation)
- Secure (integrity and confidentiality)
If you need any assistance with your GDPR compliance, please contact me.