- Manage expectations – GDPR ‘compliance’ is a matter of constant review, adoption of policies and adaptation of processes. Plan, develop and sustain.
- Continued awareness and training for staff.
- Update your privacy policy, consent capture and recording.
- Review whether you require a Data Protection Officer.
- Consider certification standards such as ISO 9000, 27000 or BSI accreditations.
- Review and incorporate into your risk management framework in line with GDPR requirements.
- Review your systems of how to deal with enquiries, including SARs – do they require updating to account for the new GDPR requirements? Can your business and staff adapt to fulfilling these obligations?
- Align your governance with your policy statements. Look at your "opt-in" privacy management and review it in the light of existing policy and governance.
- Look at your suppliers and other third-party interactions that need controls in place or contracts changing.
- Establish a control regime for unstructured data. Look at ownership and action.
- Review, test and enforce your information security policy for areas such as network administration. If you have an InfoSec department, they need to review the auditing and housekeeping policies; remove unauthorised paper and electronic copies from network shares and desk drawers; and adhere to IT security, access and data retention policies.
- Identify the physical location of all cloud service hosts. Review the contractual arrangements, with particular attention to those hosted in third countries.
Contact our Data Protection and GDPR Solicitors Liverpool, Wirral, Merseyside and Across England & Wales
For more data protection and GDPR advice and support, contact our specialist team on 0151 659 1070 or complete our online enquiry form for a free consultation.