We have put together a short GDPR checklist for you to review as part of the upcoming changes. For many, the deadline has come around very quickly. It’s important that your business complies and our GDPR Checklist provides some key points to consider.
✓ Map out how data flows in your business.
✓ Document the personal data you hold, where it has come from, who you share it with and how you use it.
✓ Identify your ‘Data Champion’ or ‘Data Protection Lead’. In some cases, you may need an official Data Protection Officer.
✓ Mitigate potential information risks by working with management to understand the potential impact of such risks on your business.
✓ Getting practical, think about how your business’s technical systems operate and consider what measures should be taken to integrate data protection into data processing activities. See our post on the work we’re doing here at SalesSeek.
✓ Have a fun training day or half day where you get your staff together to communicate any major changes. Encourage people to find reasons to get behind these changes.
✓ Put in place systems that allow you to identify and report any personal data breaches to your controller.
✓ Have a simple process in place to respond to requests for information about personal data.
✓ Set a schedule to dispose of personal data that is no longer needed, in a secure and routine way.
✓ Have a data protection policy in place for your business.
✓ Make sure you, as the decision maker in your business, demonstrate support for the new legislation. Promote a positive culture of data protection compliance across your business.
Looking at on-the-ground activity, here are a few other key points to consider when thinking about the flow of customer data.
- Say goodbye to pre-ticked boxes that sign people up to your marketing newsletter. Consent needs to come with a positive opt-in.
- Include a clear statement of consent when you are collecting data.
- Name any third parties that will rely on the consent.
- Make it easy for people to withdraw consent and tell them how to do that.
- Think about how you track evidence of consent – who, when, how, and what you told people.
The above is by no means an exhaustive list but it’s an extremely important start. If you want to do a full status check to see how prepared your business is, visit the ICO website and complete the appropriate questionnaire. You can also read our post on GDPR – Data best-practice to help your team be prepared.