GDPR: What’s your Plan?

GDPR: What’s your Plan?

With the General Data Protection Regulation (GDPR) looming, electrical businesses must begin making the necessary business changes today, according to Paula Tighe, Information Governance Director at leading law firm Wright Hassall.

The new GDPR laws require companies to spend time preparing for its arrival – compliance isn’t something that can be achieved in a matter of weeks, and not meeting requirements could cost businesses dearly.

Raise awareness and register it

Firstly, it is important for businesses to record the entire compliance process, as this can help protect your company during the initial months. This ‘data register’ will show what personal information your company currently holds as well as the reasons for processing it.

GDPR is not designed to catch people out or stop businesses from doing things. Instead it aims to improve standards by encouraging you to look after data more carefully.

Review your existing digital and hard copy notices and policies; are they concise, written in clear language, easy to understand and easily found?

Finally, ensure these notices are readily available to individuals, and all information is clearly communicated – explaining how people can complain if they’re unhappy with how their data has been handled.

Rights of the individual

Once GDPR has been introduced, individuals will enjoy greater control over their personal data, which includes the right to request it is edited or even deleted.

One of the most effective ways to protect your business is to adopt transparent procedures, as this can help resolve any potential issues with the regulator, without the need for serious investigation and punishment.

Never assume consent

Handling consent for the capture and use of personal data for more than just contact, is a tricky area. You must obtain clear consent from the individual before using their personal data, and secure separate consent if you plan to use the data differently than first agreed.

How you attempt to obtain or confirm consent, will help mitigate any future problems at the hands of the regulator.

Keep reviewing and recording

Where data processing could pose a significant risk to individuals because of the technology being used, or the scale of the processing, you should undertake a Privacy Impact Assessment (PIA).

These assessments will help you and the regulator decide the likely effects on the individual if their data is lost or stolen and should form part of your ongoing processes.

Make someone responsible and keep it up

If your business handles data on a large scale, it may be worth appointing a dedicated Data Protection Officer to oversee ongoing data handling procedures.

It isn’t just electronically-held data that can pose a problem; you also need to consider written records, which are also covered by the regulations. Ensure all your staff are trained on the correct handling of personal data.

The most important thing to remember though, is to record the entire compliance process using your data register as this can help protect your business early on.

Those companies that can prove they’ve made an effort to meet the new requirements will fare a lot better than those who do not.

For more information about the services on offer from Wright Hassall visit: www.wrighthassall.co.uk

Related posts