The General Data Protection Regulation (GDPR) is an EU-wide regulation that comes into effect on 25th May 2018. It sets new rules for the processing of personal data.
Charterwells are helping small businesses to become and remain GDPR compliant to avoid large fines.
Key steps to take:
1. Become aware of GDPR and document the personal information, how you obtained it and who you share it with.
2. Review your data processing and security processes and update them to be compliant. For example, if you collect personal data from your customers, you need to explain the lawful basis for processing it, how long you keep it for, and that individuals have the right to complain to the ICO if they believe there is a problem. Document your lawful basis for each processing activity to help demonstrate compliance with the GDPR's requirements.
3. Ensure you cover all the rights that individuals have, such as the right to be informed, the right to erasure and the right to data portability.
4. Ensure you know how you will handle requests from individuals. e.g. a request for their data to be deleted.
5. Children - GDPR brings in special protection for children's personal data. Where you rely on consent to offer online services directly to a child, you may need parental or guardian consent in order to process their data lawfully.
6. Have robust procedures in place to detect, report and investigate a personal data breach. Certain types of breach must be reported to the ICO within 72 hours of becoming aware of them, and in some cases to the affected individuals as well.
7. Designate a senior person to take responsibility for data protection and check if you need to designate a Data Protection Officer (DPO).
8. Update your T&Cs, contracts and agreements with third parties.