With just one month to go until the General Data Protection Act becomes law, the pressure is on. You may be starting to panic, and trust me, you’re not alone: a recent report reveals that 60% of businesses are likely to miss the GDPR compliance deadline of May 25th, 2018. Furthermore, only 7% of businesses report being in compliance with the GDPR, and a shocking 28% have not even begun work towards the May 25th deadline.
The issue for a lot of organisations is that the GDPR is such a vast act that it leaves people with a ‘where do we start’ headache. Other issues brought up in the report cite lack of budget and not enough staff to implement changes.
At Typetec we’re working with several companies on GDPR compliance. We’ve created a GDPR packaged solution to assist companies for as little as €10 per user. Every business will be different when it comes to their GDPR requirements. However, there is a checklist of components that every company who processes and controls data will be responsible for following. These include:
- Consent & Obtaining Data:
As part of the GDPR you must have a process in place that records positive consent of individuals as well as making them aware of the uses for the information they share through this consent. Part of this also requires detailing your data-collection practices so they’re open, transparent and up-front. For most companies this will require an up to date privacy notice and new consent policies to allow for positive consent.
- Purpose Specification:
This is being clear on the purpose behind why you hold the data you do. It’s being clear with the company, the data protection office and the individuals what this purpose is, in line with the new act. It also means having responsibility assigned for maintaining a list of all data sets and the purpose associated with each.
- Disclosure, Use & Awareness of Information:
Does everyone in your company know the correct way of using and disclosing information regarding personal data? And do you have a list of who this information is disclosed to? A vast part of GDPR is awareness, education and training of all employees in an organisation.
Do you have security provisions in place for the personal data you hold? Is someone responsible for development and review of this? Are your devices and databases secure? Do they need to be password-protected or encrypted? Is all data securely locked away and who has access to it?
- Subject Request:
If an individual asks you to share the information you have on them, or asks you to justify why you have a certain piece of information on them, can you? And can you do so in a way that it can be displayed to the individual in an easy and quick format? Who controls these requests, and is the procedure compliant?
- Retention & Up-to-date:
Do you check your data for accuracy? Are your databases kept up to date? Do you have time limits set in place for data that may be time-sensitive? For the GDPR you must also have a clear statement for individuals on how long you retain data and why you have an obligation to do this, along with how you dispose of it when necessary.
Do you know whether you need to register with the Data Protection Commissioner? And if so, is a named individual responsible for meeting registration requirements?
To start checking off this list, get in touch with Typetec by emailing email@example.com.