The General Data Protection Regulation is being introduced on May 25th 2018.
It very significantly increases the obligations and responsibilities for organisations and businesses in how they collect, use and protect personal data.
At the centre of the new law is the requirement for organisations and businesses to be fully transparent about how they are using and safeguarding personal data, and to be able to demonstrate accountability for their data processing activities.
There are a number of steps to become prepared:
- Review and enhance your organisation's risk management process.
- Make an inventory of all personal data you hold, where it is held, and ensure its safety.
- Review all your data privacy notices alerting individuals to the collection of their data.
- Review your procedures to ensure they cover all the rights individuals have.
- Review how you will handle access requests.
- Review how you process data and identify your legal basis for doing so.
- Review how you obtain customer consent to record personal data.
- Be aware of the specific protection introduced for children's data.
- Ensure you have the correct procedures in place to report and investigate personal data breaches.
- Identify if future projects will require a "Data Protection Impact Assessment".
- Determine if your business requires a "Data Protection Officer".
How does all this affect your IT system and how you use it?