With the introduction of the EU General Data Protection Regulations (GDPR), there is a clear intent to raise the bar of how organisations look after the personal data in their possession. Virtually all organisations hold some form of personal data. For instance, you may hold information about your employees, customers, leads, suppliers or other stakeholders. Therefore, all organisations need to consider how this new legislation (and the inevitable post-Brexit update) affects them.
Governance and compliance
One of the key changes, when the regulations come into effect in May 2018, is the emphasis on accountability. Organisations need to demonstrate compliance by recording policy decisions, data audits and impact assessments. This elevates data protection from being an IT issue to a company-wide matter that requires strategic direction from the board.
Another key change is that it is no longer acceptable to process data based on implied consent. Therefore, where you do need consent (notably for marketing purposes) this must be explicit. You cannot bury consent in your terms and conditions, and you must keep a record of the consent. This is already causing issues for companies trying to gather evidence of consent for those already on their marketing lists. Organisations need to consider carefully how to go about obtaining consent both now and in the future.
Protection for your organisation
Tom Crellin can help you to review and put into place best practice policies and procedures. These will comply with current and new legislation and put you on a secure footing to deal with future changes.
This might be:
- an audit of the personal data you are holding and what it is used for
- a review of your existing policies and processes
- carrying out data protection impact assessments and assisting with decisions about how data is used and protected
- serving as your data protection officer in line with the requirements of the regulations
- delivering a programme or projects to deal with the specific changes required by the regulations
Tom has long experience in data protection. He is as much at home discussing strategy at CEO level as he is discussing technology with the IT team.
To see how Tom Crellin can help you, contact us today.
For details of our compliance programme for small businesses, click here.