06 August 2018
1. Manage expectations - GDPR ‘compliance’ is a matter of constant review, adoption of policies and adaptation of processes. Plan, develop and sustain.
2. Continued awareness and training for staff.
3. Update your privacy policy, consent capture and recording.
4. Review whether you require a DPO (Data Protection Officer).
5. Consider certification standards such as ISO 9000, 27000 or BSI accreditations.
6. Review and incorporate into your risk management framework in line with GDPR requirements.
7. Review your systems of how to deal with enquiries, including SARs – do they require updating to account for the new GDPR requirements? Can your business and staff adapt to fulfilling these obligations?
8. Align your governance with your policy statements. Look at your "opt in" privacy management and review in the light of existing policy and governance.
9. Review, test and enforce your information security policy for areas such as network administration. If you have an InfoSec department, they need to review auditing and housekeeping: remove unauthorised papers and electronic copies from network shares and desk drawers, and check adherence to IT security, access and data retention policies, etc.
10. Identify the physical location of all cloud service hosts. Review the contractual arrangements, with particular attention to those hosted in third countries.