GDPR launch is written in the stars
Over the last few months, we've mentioned GDPR a few times in our newsletters and no doubt you've seen it in the news too. On 25 May 2018, GDPR - General Data Protection Regulation - will come into force and will apply to all businesses. The regulation aims to secure individuals’ rights in respect of all personal data held about them, such as employee records, invoices, diary entries, patient records, recruitment records and customer lists.
In short, personal data includes anything that identifies an individual, including their name, address, medical or banking details, place of birth, contact numbers, gender or marital status. Sensitive data or special category data includes, for example, genetic information, biometrics, health, ethnic origin and criminal activity.
To ensure you are GDPR compliant, it is important you plan ahead. Below are just some of the points to consider:
- carry out an audit on all personal data held, where/how it is held and who you share it with
- decide how long you need to retain personal data to be able to provide the services you offer
- show how you are GDPR compliant with documented data protection activity
- provide information to employees and job applicants on the purpose of collecting their personal data and their rights
- have a process in place for notifying the data protection authority of any data breach
- consider accountability and the potential need for a Data Protection Officer
- ensure you have a compliant contract in place with anyone who processes data on your behalf
GDPR is daunting for most businesses who still have many questions and don’t know where to start. There are many companies offering their services to get you through GDPR effectively. If you are stuck and could do with a head start, ask us about our factsheet today at firstname.lastname@example.org