Tips for GDPR compliance
The new data protection laws are not going anywhere and 2019 is likely to be a year of action in which the new data rights, complaints and enforcement options are tested. However, the intention is not to drive you out of business and you can protect yourself by spending a bit of time on the issue.
The Information Commissioner’s Office (ICO) – responsible for enforcing the legal requirements – has been working through a backlog of complaints. We anticipate enforcement will increase with “examples” made, though the ICO’s general mindset remains one of working with businesses.
With this landscape in mind, it is important to embed data protection. You can be proportionate to the nature and scale of your business in doing so, but we recommend considering at least the following as part of this process:
- Take time to understand the data you collect and why, and be clear on your legal basis for processing.
- Train your staff (including on your subject access request (SAR) response procedures) and support this with clear internal policies on data security, retention, etc. The ICO always asks for these when investigating a complaint!
- Consider your current insurance. In particular: does it cover acts of a rogue employee; and is cyber insurance appropriate?
- Remember that you have legal rights and requirements to process personal data, so don’t panic. Be confident in why you are processing and respond accordingly.
© TechRadar Pro 2019