GDPR – The Final Countdown!
- Are you ready for 25th May 2018?
- Do you have an up-to-date Data Protection Policy?
- Have you prepared Privacy Notices for different categories of data subjects?
- Are you clear on your data retention timescales?
- Are you clear on how you will manage subject access requests?
- Is your IT system secure?
All of these questions need to be on your radar and you need to be actively addressing them prior to the GDPR implementation date of 25th May.
Make a start by ensuring you know what data you hold, why you hold it and how long you need to hold it for. Use this as an opportunity to do a massive housekeeping exercise and, if you are destroying out-of-date data, make sure you do that securely too!
GDPR brings data protection rules into the 21st century and is about:
- ensuring that as a data controller you have the tightest security arrangements in place and that you are 100% clear on who you are sharing data with and why; and
- ensuring that data subjects know what you are doing with their data.
There is a very high level of trust amongst most people that organisations are keeping their data securely and holding it lawfully. Don’t get caught out: if you get it wrong, the new fines are eye-watering!
As a minimum, a Data Protection Policy / Privacy Notice needs to capture:
- Who you are
- The purpose of processing
- The description of data subjects / personal data
- The categories of recipients
- The details of transfers outside the EEA
- The envisaged retention periods
- A description of security measures
- How subjects can access their information and complain
Make sure you don’t get caught out. Seek legal advice to ensure your policies and procedures are robust and that your staff know and understand the new rules. This is especially important if you’re due a CQC inspection any time soon, as the CQC will ask what steps you are taking to comply.
If you have any questions or would like to discuss GDPR or data protection generally, please get in touch.