With the 25 May 2018 deadline fast approaching, GDPR compliance is something organisations should already be working on. The new legislation is intended to unify data protection law across the EU and, in the UK, it will replace the Data Protection Act 1998. The UK government has already made clear that Brexit will have no effect on the introduction of GDPR.
The GDPR will apply to any organisation that is established in the EU, and to organisations outside the EU that offer goods or services to, or monitor the behaviour of, individuals in the EU. It is much wider in reach than the existing Data Protection Act. Individuals gain new rights to control personal data that organisations hold and use. Supervisory authorities also gain new powers to impose significant fines for non-compliance, up to €20 million or 4% of worldwide annual turnover, whichever is higher.
Below we have put together a list of things organisations should be doing now to improve their GDPR compliance.
Has Awareness of GDPR Compliance Been Raised?
Check whether decision makers and key people throughout the organisation are aware of the new legislation. They should understand what is changing and appreciate the impact these changes will have on the organisation. This awareness should then be passed across the organisation so that all employees know the changes are coming. Areas that could cause problems for GDPR compliance should be identified and recorded on a risk register.
Has Accountability for GDPR Compliance Been Set Out?
To demonstrate GDPR compliance, an organisation should put in place a data protection framework: a set of policies and procedures designed to deliver and evidence data protection compliance. The GDPR's accountability principle means the organisation must be able to show, not just state, that it complies. Steps should be taken to ensure the framework is monitored and regularly reviewed, and a data protection training programme for staff should be implemented alongside it.
What Personal Information is Held?
All organisations should conduct an information audit to establish what personal data is held and to map how that data flows through the organisation. There should be measures in place to document where the data came from, why it is held, and who it is shared with. The organisation should also check whether it is required to appoint a data protection officer. Under the GDPR this is mandatory for public authorities and for organisations whose core activities involve large-scale, regular and systematic monitoring of individuals or large-scale processing of special categories of data. A data protection officer monitors GDPR compliance and advises the organisation, but accountability for compliance remains with the organisation itself.
Has a Lawful Basis and Consent Been Established?
Organisations should review the processing they carry out and identify and document the lawful basis for each processing activity. Where the lawful basis is the consent of the data subject, the organisation should check how consent is sought, recorded and managed. Under the GDPR, consent must be freely given, specific, informed and unambiguous, and pre-ticked boxes or silence do not count. Measures should be in place to allow individual data subjects to withdraw consent, and withdrawing consent must be as easy as giving it.
There are many more areas to consider as the deadline for GDPR compliance nears, so we have added some useful links below.
How Can GDPR Compliance be Made More Efficient?
For GDPR compliance, UK Document Management recommends digitising all personal data. Archives of paper documents are usually hard to control and can lead to major inefficiencies, particularly when responding to subject access requests within the statutory deadline. Converting these archives to digital form saves significant time when retrieving personal data, and once converted, the records can be stored more securely, with access control and audit trails that paper cannot offer.
UK Document Management can provide a range of compliant document management and scanning services to suit the need of an organisation. Contact us on 01625 574499 or firstname.lastname@example.org to learn more.